QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c

An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in modesensepage if the 'page' argument was set to MODEPAGEALLS 0x3f. A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...

QEMU: scsi-generic: possible OOB access while handling inquiry request

In QEMU 3.1, scsihandleinquiryreply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations...

The vulnerability of the Windows operating system, which allows a malicious individual to trigger a service failure

The Windows operating system contains a vulnerability related to errors in handling iSCSI connections. Exploiting this vulnerability can lead to service failures...

kernel: block: default SCSI command filter does not accomodate commands overlap across device classes

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

kernel: block: default SCSI command filter does not accomodate commands overlap across device classes

block/scsiioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SGIO ioctl call that leverages overlapping opcodes...

kernel: bio: integer overflow page count when mapping/copying user data

Multiple integer overflows in fs/bio.c in the Linux kernel before 2.6.36.2 allow local users to cause a denial of service system crash via a crafted device ioctl to a SCSI device...