CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013522)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013522 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007625 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: storage: Fix memory leak in USB bulk transport A kernel memory leak was identified by the...

Virtuozzo Infrastructure 7.3 (7.3.0-171) (formerly Virtuozzo Hybrid Infrastructure)

This release focuses on technical improvements, user experience enhancements, storage performance, and S3 protocol capabilities. It also introduces the product rename from Virtuozzo Hybrid Infrastructure to Virtuozzo Infrastructure. Additionally, this release delivers stability fixes and addresse...

openSUSE 16 Security Update : kernel (Live Patch 1 for SUSE Linux Enterprise 16) (openSUSE-SU-2026:20311-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20311-1 advisory. This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes one security issue The following security issue was fixed: - CVE-2025-40130:...

scsi: qla2xxx: Validate sp before freeing associated memory

...

CVE-2026-23216

Technical details for CVE-2026-23216 are not publicly provided in the supplied documents. The available description mentions a fix in iscsit_dec_conn_usage_count() and a kernel patch, but no vendor/product specifics.

Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.19 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-40204: sctp: Fix MAC comparison to be constant-time...

SUSE-SU-2026:0147-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 640-150700.7.22 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time...

nvmet: always initialize cqe.result

...

CVE-2023-53676 scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function liotargetnaclinfoshow uses sprintf in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With...

CVE-2023-53627 scsi: hisi_sas: Grab sas_dev lock when traversing the members of sas_dev.list

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Grab sasdev lock when traversing the members of sasdev.list When freeing slots in function slotcompletev3hw, it is possible that sasdev.list is being traversed elsewhere, and it may trigger a NULL pointer exception...

PT-2025-41120

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The lio target nacl info show function within the iSCSI target component does not properly validate buffer lengths when using sprintf in a loop to display details for each iSCSI...

CVE-2023-53451

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'curdsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer...

CVE-2022-50467 scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFTID An error case exit from lpfccmplctcmdgftid results in a call to lpfcnlpput with a null pointer to a nodelist structure. Changed lpfccmplctcmdgftid to...

CVE-2023-53464 scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...

PT-2025-40152

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCSI subsystem, specifically within the lpfc driver. An error case during exit from the lpfc cmpl ct cmd gft id function can lead to a call to lpfc nl...

NewStart CGSL MAIN 6.06 : qemu Multiple Vulnerabilities (NS-SA-2025-0227)

The remote NewStart CGSL host, running version MAIN 6.06, has qemu packages installed that are affected by multiple vulnerabilities: - A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPIC...

scsi: lpfc: Fix buffer free/clear order in deferred receive path

...

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

...