9.8
CVE-2026-43414
- EPSS 0.38%
- Veröffentlicht 08.05.2026 14:21:51
- Zuletzt bearbeitet 08.07.2026 21:23:03
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
scsi: qla2xxx: Completely fix fcport double free
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Completely fix fcport double free In qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free(). When an error happens, this function is called by qla2x00_sp_release(), when kref_put() releases the first and the last reference. qla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport(). Doing it one more time after kref_put() is a bad idea.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.15.154 < 5.16
Linux ≫ Linux Kernel Version >= 6.1.84 < 6.2
Linux ≫ Linux Kernel Version >= 6.6.24 < 6.7
Linux ≫ Linux Kernel Version >= 6.7.12 < 6.8
Linux ≫ Linux Kernel Version >= 6.8.3 < 6.9
Linux ≫ Linux Kernel Version >= 6.9.1 < 6.19.9
Linux ≫ Linux Kernel Version6.9 Update-
Linux ≫ Linux Kernel Version6.9 Updaterc2
Linux ≫ Linux Kernel Version6.9 Updaterc3
Linux ≫ Linux Kernel Version6.9 Updaterc4
Linux ≫ Linux Kernel Version6.9 Updaterc5
Linux ≫ Linux Kernel Version6.9 Updaterc6
Linux ≫ Linux Kernel Version6.9 Updaterc7
Linux ≫ Linux Kernel Version7.0 Updaterc1
Linux ≫ Linux Kernel Version7.0 Updaterc2
Linux ≫ Linux Kernel Version7.0 Updaterc3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.296 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-415 Double Free
The product calls free() twice on the same memory address.
https://git.kernel.org/stable/c/d48ea85463f5b34f7b92ea0a13eddf1ab993da7b
https://git.kernel.org/stable/c/c0b7da13a04bd70ef6070bfb9ea85f582294560a