7.8

CVE-2026-23306

EPSS 0.02%
Veröffentlicht 25.03.2026 10:27:01
Zuletzt bearbeitet 02.04.2026 15:16:30
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

scsi: pm8001: Fix use-after-free in pm8001_queue_command()

In the Linux kernel, the following vulnerability has been resolved:

scsi: pm8001: Fix use-after-free in pm8001_queue_command()

Commit e29c47fe8946 ("scsi: pm8001: Simplify pm8001_task_exec()") refactors
pm8001_queue_command(), however it introduces a potential cause of a double
free scenario when it changes the function to return -ENODEV in case of phy
down/device gone state.

In this path, pm8001_queue_command() updates task status and calls
task_done to indicate to upper layer that the task has been handled.
However, this also frees the underlying SAS task. A -ENODEV is then
returned to the caller. When libsas sas_ata_qc_issue() receives this error
value, it assumes the task wasn't handled/queued by LLDD and proceeds to
clean up and free the task again, resulting in a double free.

Since pm8001_queue_command() handles the SAS task in this case, it should
return 0 to the caller indicating that the task has been handled.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version e29c47fe8946cc732b0e0d393b65b13c84bb69d0

Version < ebbb852ffbc952b95ddb7e3872b67b3e74c6da47

Status affected

Version e29c47fe8946cc732b0e0d393b65b13c84bb69d0

Version < 8b00427317ba7b7ec91252b034009f638d0f311b

Status affected

Version e29c47fe8946cc732b0e0d393b65b13c84bb69d0

Version < c5dc39f8ae055520fd778b7fb0423f11586f15c4

Status affected

Version e29c47fe8946cc732b0e0d393b65b13c84bb69d0

Version < 824a7672e3540962d5c77d4c6666254d7aa6f0b3

Status affected

Version e29c47fe8946cc732b0e0d393b65b13c84bb69d0

Version < 227ff4af00abc40b95123cc27ee8079069dcd8d7

Status affected

Version e29c47fe8946cc732b0e0d393b65b13c84bb69d0

Version < 38353c26db28efd984f51d426eac2396d299cca7

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 5.18

Status affected

Version 0

Version < 5.18

Status unaffected

Version <= 6.1.*

Version 6.1.167

Status unaffected

Version <= 6.6.*

Version 6.6.130

Status unaffected

Version <= 6.12.*

Version 6.12.77

Status unaffected

Version <= 6.18.*

Version 6.18.17

Status unaffected

Version <= 6.19.*

Version 6.19.7

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/ebbb852ffbc952b95ddb7e3872b67b3e74c6da47

https://git.kernel.org/stable/c/8b00427317ba7b7ec91252b034009f638d0f311b

https://git.kernel.org/stable/c/c5dc39f8ae055520fd778b7fb0423f11586f15c4

https://git.kernel.org/stable/c/824a7672e3540962d5c77d4c6666254d7aa6f0b3

https://git.kernel.org/stable/c/227ff4af00abc40b95123cc27ee8079069dcd8d7

https://git.kernel.org/stable/c/38353c26db28efd984f51d426eac2396d299cca7

https://nvd.nist.gov/vuln/detail/CVE-2026-23306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23306

EUVD