PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43414 Linux kernel CVE debrief

A critical vulnerability was found in the Linux kernel, specifically in the qla2xxx driver. The vulnerability is related to a double free of fcport, which can lead to a crash or potentially allow an attacker to execute arbitrary code. The vulnerability has been resolved by the Linux kernel maintainers. Affected product deployments should be identified, and owners assigned for follow-up. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL.

Vendor
Linux kernel
Product
qla2xxx driver
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-07-08
Advisory published
2026-05-08
Advisory updated
2026-07-08

Who should care

System administrators and users of Linux kernel versions 5.15.154 to 5.16, 6.1.84 to 6.2, 6.6.24 to 6.7, 6.7.12 to 6.8, 6.8.3 to 6.9, and 6.9.1 to 6.19.9 should apply the patches provided by the Linux kernel maintainers to prevent exploitation. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.

Technical summary

The vulnerability is caused by a double free of fcport in the qla2xxx driver. When an error occurs, the qla2x00_els_dcmd_sp_free() function is called by qla2x00_sp_release(), which frees the fcport by calling qla2x00_free_fcport(). Calling this function again after kref_put() releases the reference is a bad idea and can lead to a crash or potentially allow an attacker to execute arbitrary code. The vulnerability affects Linux kernel versions 5.15.154 to 5.16, 6.1.84 to 6.2, 6.6.24 to 6.7, 6.7.12 to 6.8, 6.8.3 to 6.9, and 6.9.1 to 6.19.9.

Defensive priority

High

Recommended defensive actions

  • Apply the patches provided by the Linux kernel maintainers
  • Update to a patched version of the Linux kernel
  • Monitor system logs for potential exploitation attempts
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The vulnerability has been resolved by the Linux kernel maintainers. Patches are available for affected versions. Evidence is limited, and defenders should verify the accuracy of affected scope and vendor guidance. The CVE record was published on 2026-05-08T15:16:53.353Z and has not been modified since then. The NVD entry is currently Analyzed. Additional verification is recommended to ensure the accuracy of the information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-08T15:16:53.353Z and has not been modified since then. The NVD entry is currently Analyzed.