Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: The “Drain commands” step in the targetreset handler is incorrect. The tcmlooptargetreset function violates the SCSI EH contract: it returns SUCCESS without draining any ongoing commands. The SCSI EH...

SUSE CVE-2026-43054

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

CVE-2026-43054

A flaw was found in the Linux kernel's SCSI target subsystem, specifically within the tcmloop module. This vulnerability arises when the tcmlooptargetreset function, responsible for handling target resets, fails to properly clear out commands that are still being processed. A local user or proces...

Linux Distros Unpatched Vulnerability : CVE-2026-43054

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight...

CVE-2026-43054

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

CVE-2026-43054 scsi: target: tcm_loop: Drain commands in target_reset handler

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

CVE-2026-43054

CVE-2026-43054 concerns the Linux kernel SCSI target core (tcm_loop). The vulnerability stems from tcm_loop_target_reset() not draining in-flight commands, which can cause SCSI EH to reuse in-flight scsi_cmnd structures and leak LUN references, potentially hanging configfs LUN unlink. The fix dra...

CVE-2026-43054

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

EUVD-2026-26653

In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Drain commands in targetreset handler tcmlooptargetreset violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation scsieh.rst requires that when a...

PT-2026-36471

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The tcm loop target reset function violates the SCSI Error Handler EH contract by returning success without draining in-flight commands. This allows the SCSI EH to reuse scsi cmnd...

CVE-2025-68782

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset ttaskcdb pointer in error case If allocation of cmd-ttaskcdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL ttaskcdb value to point at the default fixed-size...

ManageEngine ADSelfService Plus Custom Script Execution

This module exploits the "custom script" feature of ADSelfService Plus. The feature was removed in build 6122 as part of the patch for CVE-2022-28810. For purposes of this module, a "custom script" is arbitrary operating system command execution. This module uses an attacker provided "admin"...