PT-2025-53007 · Qla24Xx+6 · Qla24Xx+6

Published: 2025-11-19 · Updated: 2026-05-11 · CVE-2025-68741

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: A flaw exists in the Linux kernel's SCSI subsystem, specifically within the qla2xxx driver. The issue involves improper memory freeing of items allocated for processing I/O control blocks (IOCBs). The qla24xx_alloc_purex_item() function can return a pre-allocated item instead of dynamically allocating memory. Subsequently, the qla2xxx_process_purls_iocb() function incorrectly uses kfree() to release these pre-allocated items, leading to potential memory corruption. The fix involves using the correct deallocation function, qla24xx_free_purex_item(), to handle both dynamically allocated and pre-allocated items correctly.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
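
The allocator/deallocator pairing from the description, as an added userspace C model (not the driver's source): an allocator that may return an item embedded in its owner, and the matching release routine that keeps such a pointer away from the heap allocator. All type and function names are hypothetical, and the rule for when the embedded item is handed out is an assumption.

```c
#include <stdlib.h>
#include <stdatomic.h>
#include <stdbool.h>

/* Userspace model; every name here is hypothetical, not the driver's. */
struct item { int payload; };

struct host {
    struct item default_item;   /* pre-allocated, embedded in the host */
    atomic_int  default_in_use; /* 0 = idle, 1 = handed out */
};

/* Assumed policy: hand out the embedded item when idle, else use the heap. */
struct item *item_alloc(struct host *h)
{
    if (atomic_fetch_add(&h->default_in_use, 1) == 0)
        return &h->default_item;
    atomic_fetch_sub(&h->default_in_use, 1);
    return calloc(1, sizeof(struct item));
}

/* Matching release: only heap pointers ever reach free().
 * Calling free() directly on &h->default_item (the kfree() mistake) would
 * hand the allocator an address inside struct host: undefined behaviour.
 * Returns true when the embedded item was the one released. */
bool item_free(struct host *h, struct item *it)
{
    if (it == &h->default_item) {
        atomic_store(&h->default_in_use, 0);
        return true;
    }
    free(it);
    return false;
}

/* Exercise both paths; returns 1 when each item went back the right way. */
int demo(void)
{
    struct host h = {0};
    struct item *a = item_alloc(&h);    /* gets the embedded item */
    struct item *b = item_alloc(&h);    /* embedded busy, so heap */
    if (!a || !b) return 0;
    int ok = (a == &h.default_item) && (b != &h.default_item);
    ok = ok && !item_free(&h, b) && item_free(&h, a);
    struct item *c = item_alloc(&h);    /* embedded item is reusable */
    ok = ok && (c == &h.default_item) && item_free(&h, c);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

Callers cannot tell from the pointer alone which path produced it, which is why every release site has to go through the paired routine rather than the generic free.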

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:8921
ALSA-2026:9131
ALSA-2026:9135
ALSA-2026:9264
AZL-73069
BDU:2026-01150
CVE-2025-68741
OESA-2026-1759
OESA-2026-1760
OESA-2026-1761
OPENSUSE-SU-2026:10039-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20287-1
RHSA-2026:10996
RHSA-2026:14339
RHSA-2026:19568
RHSA-2026:19569
RHSA-2026:8921
RHSA-2026:9131
RHSA-2026:9135
RHSA-2026:9264
SUSE-SU-2026:20555-1
SUSE-SU-2026:20599-1
SUSE-SU-2026:20615-1
USN-8094-1
USN-8094-2
USN-8094-3
USN-8094-4
USN-8094-5
USN-8152-1
USN-8179-1
USN-8179-2
USN-8179-3
USN-8179-4
USN-8184-1
USN-8185-1
USN-8185-2
USN-8203-1
USN-8204-1
USN-8258-1
USN-8260-1
USN-8261-1
USN-8265-1

Affected Products

Debian
Linuxmint
Linux Kernel
Rocky Linux
Ubuntu
Qla24Xx
Qla2Xxx