CVE-2026-43414

Published: May 8, 2026

Modified: May 23, 2026

PUBLISHED

CVSS v3.1

9.8

CRITICAL

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when kref_put() releases the first and the last reference. qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport(). Doing it one more time after kref_put() is a bad idea.

Vendor	Product	Versions
Linux	Linux	affected `4895009c4bb72f71f2e682f1e7d2c2d96e482087 - < d48ea85463f5b34f7b92ea0a13eddf1ab993da7b` affected `4895009c4bb72f71f2e682f1e7d2c2d96e482087 - < c0b7da13a04bd70ef6070bfb9ea85f582294560a` affected `7861213201838480dc222634c56fb6db113d010d` affected `3b9d72442adfbc9ddb0f76dd1b03977b3a578b16` affected `ef23850940d9a52c39936d27254824ccf5e9b6bd` +12 more versions
Linux	Linux	affected `6.9` unaffected `0 - < 6.9` unaffected `6.19.9 - <= 6.19.` unaffected `7.0 - <= `

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://git.kernel.org/stable/c/d48ea85463f5b34f7b92ea0a13eddf1ab993da7b

https://git.kernel.org/stable/c/c0b7da13a04bd70ef6070bfb9ea85f582294560a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-43414

Description

Affected Products

CVSS v3.1 Details

References