CVE Catalog

CVE-2026-43414

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

In the Linux kernel, a double free of the fcport structure was found in the qla2xxx SCSI driver. The function qla2x00_els_dcmd_sp_free() frees fcport, and a subsequent kref_put() call triggers a second free, potentially causing memory corruption.

Risk Assessment

Double free memory corruption can lead to system crashes, unpredictable behavior, or potential exploitation for privilege escalation.

Recommendation

Immediately update the Linux kernel to a version containing the fix that removes the redundant kref_put() call after freeing fcport.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when kref_put() releases the first and the last reference. qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport(). Doing it one more time after kref_put() is a bad idea.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS