Astra Linux - уязвимость в linux-6.1, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vhost-scsi: Protection of vq-logused using vq-mutex was added. The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread / QEMU-thread vhostscsicompletecmdwork → vhostaddused →...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: Null pointer dereference in vhostscsigetreq Since commit 3f8ca2e115e5 “vhost/scsi: Extract common handling code from control queue handler”, a null pointer dereference bug can occur when the guest sends an SCSI AN...

ROS-20260407-73-0001

A vulnerability in the vhostscsisetendpoint and vhostscsiclearendpoint functions in the drivers/vhost/scsi.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability...

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-50453: gpiolib: cdev: fix NULL-pointer dereferences bsc1250887. CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue...

Unbreakable Enterprise kernel security update

5.15.0-316.196.4.2 - xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added Sabrina Dubroca - usb: raw-gadget: cap rawio transfer length to KMALLOCMAXSIZE Gopi Krishna Menon - ext4: clear istateflags when alloc inode Haibo Chen - ext4: align max orphan file size wi...

Azure Linux 3.0 Security Update: kernel (CVE-2025-38074)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38074 advisory. - In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq-logused with...

Azure Linux 3.0 Security Update: kernel (CVE-2025-22083)

"The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22083 advisory. - In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000630)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000630 advisory. Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memo...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002159 advisory. Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memo...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002347)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002347 advisory. Array index error in the tcmvhostmaketpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service memo...

Unbreakable Enterprise kernel security update

5.15.0-316.196.4.1 - tipc: Fix use-after-free in tipcmonreinitself. Kuniyuki Iwashima Orabug: 38788585 CVE-2025-40280 - fs/proc: fix uaf in procreaddirde Wei Yang Orabug: 38788587 CVE-2025-40271 - vsock: Ignore signal/timeout on connect if already established Michal Luczaj Orabug: 38788594...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-49863)

vhost/scsi: null-ptr-dereference in vhostscsigetreq. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504486; scriptversion"1.2";...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-411373)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-411373 advisory. In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhostscsigetreq Since commit 3f8ca2e115e5 vhost/scsi: Extract...

EUVD-2025-11212

Malicious code in bioql PyPI...

EUVD-2025-18579

Malicious code in bioql PyPI...

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2025-2043)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : netsched: hfsc: Fix a UAF vulnerability in class with netem as child qdiscCVE-2025-37890 crypto: lzo - Fix compression buffer overrunCVE-2025-3806...

Linux Distros Unpatched Vulnerability : CVE-2025-38074

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vhost-scsi: protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread...

vhost-scsi: protect vq->log_used with vq->mutex

...

vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint

...

CVE-2025-38074

In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: protect vq-logused with vq-mutex The vhost-scsi completion path may access vq-logbase when vq-logused is already set to false. vhost-thread QEMU-thread vhostscsicompletecmdwork - vhostaddused - vhostaddusedn if...