scsi: qla2xxx: Completely fix fcport double free_CVE-2026-43414

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Completely fix fcport double free\n\nIn qla24xx_els_dcmd_iocb() sp->free is set to qla2x00_els_dcmd_sp_free().\nWhen an error happens, this function is called by qla2x00_sp_release(),\nwhen kref_put() releases the first and the last reference.\n\nqla2x00_els_dcmd_sp_free() frees fcport by calling qla2x00_free_fcport().\nDoing it one more time after kref_put() is a bad idea.",
    "published": "2026-05-08T14:21:51.604Z",
    "modified": "2026-05-11T06:34:22.019Z",
    "type": "cve",
    "title": "scsi: qla2xxx: Completely fix fcport double free",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/d48ea85463f5b34f7b92ea0a13eddf1ab993da7b\nhttps://git.kernel.org/stable/c/c0b7da13a04bd70ef6070bfb9ea85f582294560a",
    "id": "CVE-2026-43414",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 4895009c4bb72f71f2e682f1e7d2c2d96e482087\nLinux Linux 4895009c4bb72f71f2e682f1e7d2c2d96e482087\nLinux Linux 7861213201838480dc222634c56fb6db113d010d\nLinux Linux 3b9d72442adfbc9ddb0f76dd1b03977b3a578b16\nLinux Linux ef23850940d9a52c39936d27254824ccf5e9b6bd\nLinux Linux 6c6bf6cacf9461f8d301cfac4f9c175d80cbcc63\nLinux Linux cd10dee1f07a782f5aa05703c55299ca86a85ee4\nLinux Linux b03e626bd6d3f0684f56ee1890d70fc9ca991c04\nLinux Linux 282877633b25d67021a34169c5b5519b1d4ef65e\nLinux Linux f85af9f1aa5e2f53694a6cbe72010f754b5ff862\nLinux Linux 9b43d2884b54d415caab48878b526dfe2ae9921b\nLinux Linux 846fb9f112f618ec6ae181d8dae7961652574774\nLinux Linux 6.9",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "4895009c4bb72f71f2e682f1e7d2c2d96e482087",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}