CVE-2026-46149

In the Linux kernel, the following vulnerability has been resolved: scsi: target: configfs: Bound snprintf return in tgptgpmembersshow targettgptgpmembersshow formats LUN paths with snprintf into a 256-byte stack buffer, then will memcpy curlen bytes from that buffer. snprintf returns the length...

CVE-2026-43054

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

PT-2026-36472

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the target core file component, the aio cmd structure does not properly initialize the iocb for the ki write stream. During the execution of a write command via the fd execute rw aio...

scsi: target: Fix recursive locking in __configfs_open_file()

...

CVE-2026-4652 Remote denial of service via null pointer dereference

On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine...

CVE-2026-23296

CVE-2026-23296 affects the Linux kernel SCSI core, specifically a refcount leak in tagset_refcnt that can cause a hang when tearing down a SCSI host (e.g., iscsid hang during SCSI scanning). The vulnerability is local in nature with a base score of 5.5 (MEDIUM); exploitation details are not provi...

scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()

...

CVE-2026-23193

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

CVE-2026-23179

The CVE affects the Linux kernel nvmet-tcp implementation. A deadlock could occur when a socket is closed during TCP_LISTEN because nvmet_tcp_listen_data_ready() is called with sk_callback_lock held; the fix adds a TCP_LISTEN check before acquiring the lock to avoid deadlock. The issue is resolve...

SUSE-SU-2026:0274-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.47 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

Security update for the Linux Kernel (Live Patch 7 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.33 fixes various security issues The following security issues were fixed: CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. CVE-2025-38476: rpl: Fix use-after-free in rpldosrhinline...

SUSE-SU-2026:0185-1 Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise kernel 5.14.21-150400.24.179 fixes various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1254451. - CVE-2022-50490: bpf: Propagate error from htablockbucket to...

SUSE SLES15 Security Update : kernel RT (Live Patch 6 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2026:0147-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0147-1 advisory. This update for the SUSE Linux Enterprise kernel 640-150700.7.22 fixes various security issues The following security issues were fixed: -...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003001)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003001 advisory. A security flaw was found in the chapservercomputemd5 function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiato...

CVE-2025-68782 scsi: target: Reset t_task_cdb pointer in error case

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset ttaskcdb pointer in error case If allocation of cmd-ttaskcdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL ttaskcdb value to point at the default fixed-size...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50280: pnode: terminate at peers of source bsc1249806. CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251786...

UBUNTU-CVE-2022-50717

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds check on Transfer Tag ttag is used as an index to get cmd in nvmettcphandleh2cdatapdu, add a bounds check to avoid out-of-bounds access...

SUSE CVE-2025-68229

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fix segfault in tcmlooptpgaddressshow If the allocation of tlhba-sh fails in tcmloopdriverprobe and we attempt to dereference it in tcmlooptpgaddressshow we will get a segfault, see below for an example. So...

scsi: target: iscsi: Fix a race condition between login_work and the login thread

...

EUVD-2025-124912

In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmetfclsreqop It’s possible for more than one async command to be in flight from nvmetfcsendlsreq. For each command, a tgtport reference is taken. In the current code, only one put work item is...