Linux Kernel Vulnerability in SCSI Subsystem Affecting QLogic Products
CVE-2026-43414

9.8 CRITICAL

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 May 2026

What is CVE-2026-43414?

A vulnerability exists in the Linux kernel's SCSI subsystem, in code related to QLogic products. The issue arises in the function that handles freeing an fcport and can lead to a double free: when errors are encountered, the function responsible for managing command messages inadvertently attempts to free a resource that has already been released. This flaw can result in unpredictable behavior and poses security risks that can be exploited by malicious actors. Users should ensure they are running patched versions of the kernel to mitigate these issues.

Affected Version(s)

Linux 4895009c4bb72f71f2e682f1e7d2c2d96e482087

Linux 7861213201838480dc222634c56fb6db113d010d

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
