CVE-2026-23376

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the nvmet-fcloop component. Specifically, a missing check for the remoteport port state before invoking the done callback in nvme fc handle ls rqst work can lead to issues. The lsrsp->done callback is only set when remoteport->port state is FC OBJSTATE ONLINE. If not online, the nvme fc xmt ls rsp function is expected to fail, and the transport layer should directly free resources. The update to fcloop t2h xmt ls rsp addresses this by checking remoteport->port state before calling the callback.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.