SUSE CVE-2026-46105

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

CLEANSTART-2026-TC76376 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, ghsa-p77j-4mvh-x3m3, ghsa-r6j8-c6r2-37rr applied in versions: 4.12.1-r1, 4.12.1-r2

Multiple security vulnerabilities affect the kubernetes-csi-driver-nfs-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2024-19568

Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: qed: Do not collect too many protection override GRC elements In the protection override dump path, the firmware may return far too many GRC elements, leading to attempts to write beyond the previously allocated dump buffer. This...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011002)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011002 advisory. In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about acce...

RHEL 10 : kernel (RHSA-2026:8342)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8342 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Local denial of...

nvme: fix memory allocation in nvme_pr_read_keys()

...

OPENSUSE-SU-2026:20287-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 and SL MIxro 6.2 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40147: blk-throttle: fix access race during throttle policy activation bsc1253344. - CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer...

scsi: qla2xxx: Free sp in error path to fix system crash

...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to the DefaultConfig function, which sets TlsInsecureSkipVerify to true, disabling TLS certificate verification for all outgoing storage driver communications. An attacker can intercept and manipulate...

GHSA-WF93-3GHH-H389 OpenList has Insecure TLS Default Configuration

Summary The application disables TLS certificate verification by default for all outgoing storage driver communications, making the system vulnerable to Man-in-the-Middle MitM attacks. This enables the complete decryption, theft, and manipulation of all data transmitted during storage operations,...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003380 advisory. The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service out-of- bounds read and system crash or possibly have unspecified...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993303)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993303 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the...

scsi: smartpqi: Fix device resources accessed after device removal

...

kernel: scsi: qla2xxx: Wait for io return on terminate rport

A flaw was found in the Linux kernel’s SCSI driver component qla2xxx used with FCP-2 devices. When the terminaterportio function is invoked , the driver may exit cleanup before all outstanding I/O operations have returned. This can lead to a use-after-free condition when resources are freed while...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted A use-after-free crash can occur after an ELS LOGO is aborted. Specifically, a nodelist structure is freed and then ndlp-vport-cfglogverbose is dereferenced in...

Linux Distros Unpatched Vulnerability : CVE-2025-40345

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: storage: sddr55: Reject out-of-bound newpba Discovered by Atuin - Automated Vulnerability Discovery Engine. newpba comes from the status packet returned...

CVE-2025-59517

CVE-2025-59517 is a Windows Storage VSP Driver elevation of privilege vulnerability caused by improper access control. Exploitation would enable a locally authenticated attacker to elevate privileges on affected Windows systems. Connected documents confirm this is tied to the Windows Storage VSP ...

EUVD-2025-202232

Improper access control in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally...

CVE-2025-59517 Windows Storage VSP Driver Elevation of Privilege Vulnerability

...