PT-2026-27671 · Linux · Linux Kernel

Published 2026-01-01 · Updated 2026-05-28 · CVE-2026-23306

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A double free issue exists in the pm8001_queue_command() function. When the function encounters a phy down or device gone state, it updates the task status and calls task_done(), which frees the underlying SAS task. However, the function then returns -ENODEV to the caller. Upon receiving this error, the sas_ata_qc_issue() function in libsas assumes the task was not handled or queued by the Low Level Device Driver (LLDD) and attempts to free the task again, leading to a double free scenario.
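
The ownership mismatch described above, modelled in userspace C as an added example (not kernel code and not taken from this advisory). The names `lldd_queue_buggy`, `lldd_queue_consistent`, `issue` and the `frees` counter are hypothetical stand-ins, and returning 0 after completion is an assumed way to keep the contract consistent, not a statement of the upstream fix.

```c
/* Constructed userspace model of the caller/driver ownership contract.
 * Releases are counted instead of calling free(), so the double release
 * is observable without undefined behaviour. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct task { int frees; bool dev_gone; };

static void task_free(struct task *t) { t->frees++; }
static void task_done(struct task *t) { task_free(t); } /* completion releases the task */

/* Pattern from the description: complete (and release) the task,
 * then still report an error to the caller. */
static int lldd_queue_buggy(struct task *t)
{
    if (t->dev_gone) {
        task_done(t);
        return -ENODEV;
    }
    return 0; /* queued; completion would happen later */
}

/* Assumed consistent contract: a task completed by the driver counts as
 * handled, so the caller is told 0 and must not release it again. */
static int lldd_queue_consistent(struct task *t)
{
    if (t->dev_gone)
        task_done(t);
    return 0;
}

/* Caller side: a non-zero return is read as "driver never took the task",
 * so the caller releases it. Returns how many times the task was released. */
static int issue(int (*queue)(struct task *), bool dev_gone)
{
    struct task t = { .frees = 0, .dev_gone = dev_gone };
    if (queue(&t) != 0)
        task_free(&t);
    return t.frees;
}

int main(void)
{
    printf("buggy, device gone:      %d release(s)\n", issue(lldd_queue_buggy, true));
    printf("consistent, device gone: %d release(s)\n", issue(lldd_queue_consistent, true));
    return 0;
}
```

A release count above 1 on any path is the condition to look for when auditing drivers that both complete a task and return an error for the same request.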

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-23306
ECHO-0937-4958-B67B

Affected Products

Linux Kernel