CVE-2026-43414

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A double free issue exists in the scsi qla2xxx driver. In the qla24xx els dcmd iocb() function, sp->free is assigned to qla2x00 els dcmd sp free(). When an error occurs, this function is triggered by qla2x00 sp release() during the release of the first and last reference via kref put(). Because qla2x00 els dcmd sp free() calls qla2x00 free fcport(), a subsequent call after kref put() results in the fcport being freed twice.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.