175 matches found
SUSE CVE-2026-45962
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...
SUSE CVE-2026-45975
In the Linux kernel, the following vulnerability has been resolved: ublk: use READONCE to read struct ublksrvctrlcmd struct ublksrvctrlcmd is part of the iouringsqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them...
Linux Distros Unpatched Vulnerability : CVE-2026-45962
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd...
CVE-2026-45975
A flaw was found in the Linux kernel's ublk subsystem. A local attacker could exploit a race condition where the kernel reads struct ublksrvctrlcmd from userspace-mapped memory without proper synchronization. This allows a malicious user to concurrently write to the structure, potentially causing...
EUVD-2026-32246
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...
UBUNTU-CVE-2026-45962
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...
CVE-2026-45975
CVE-2026-45975 affects the Linux kernel’s block I/O path: reading the ublksrv_ctrl_cmd (part of io_uring_sqe) from userspace-mapped memory using normal loads can race with concurrent writes. The fix applies READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack and use the lo...
CVE-2026-45962
In the Linux kernel ublk subsystem, CVE-2026-45962 describes a vulnerability where ublk_ctrl_cmd_dump() may access (header *)sqe->cmd before validating IO_URING_F_SQE128, risking out-of-bounds memory access. The fix moves the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to immediately re...
CVE-2026-45962 ublk: Validate SQE128 flag before accessing the cmd
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublkctrlcmddump accesses header sqe-cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublkctrluringcmd ...
PT-2026-43829
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk ctrl cmd dump accesses header sqe-cmd before IO URING F SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk ctrl...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: It is necessary to sanitize the arguments from userspace when adding a device. The Sanity function checks the values for queue depth and the number of queues that we obtain from userspace when adding a device...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: A use-after-free issue has been fixed in ublkpartitionscanwork. There exists a race condition between the async partition scan work and the device teardown process, which can lead to a use-after-free of ub-ubdisk: 1...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: A deadlock occurs when reading the partition table. When a process such as udev opens the ublk block device e.g., to read the partition table using bdevopen, a deadlock can occur: 1. bdevopen grabs the disk-openmutex. 2. Th...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: Fixed a race condition between iouringcmdcompleteintask and ublkCancelCmd. The ublkCancelCmd function calls iouringcmdDone to complete the uring command. However, we might have scheduled task operations via...
CVE-2026-43364
A flaw was found in the Linux kernel's ublk subsystem. A local user can trigger a NULL pointer dereference by sending an UPDATESIZE command to a ublk device that has been added but not yet started, or one that has been stopped. This occurs due to insufficient state validation before dereferencing...
EUVD-2026-28670
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...
CVE-2026-43364
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...
CVE-2026-43364
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...
CVE-2026-43364
In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublkctrlsetsize ublkctrlsetsize unconditionally dereferences ub-ubdisk via setcapacityandnotify without checking if it is NULL. ub-ubdisk is NULL before UBLKCMDSTARTDEV completes it is only...
PT-2026-39025
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ublk ctrl set size function. The issue occurs because the function calls set capacity and notify using ub-ub disk without verifying if the pointe...