PatchSiren cyber security CVE debrief
CVE-2026-43414 Linux kernel CVE debrief
A critical vulnerability was found in the Linux kernel, specifically in the qla2xxx driver. The vulnerability is related to a double free of fcport, which can lead to a crash or potentially allow an attacker to execute arbitrary code. The vulnerability has been resolved by the Linux kernel maintainers. Affected product deployments should be identified, and owners assigned for follow-up. The vulnerability has a CVSS score of 9.8 and is considered CRITICAL.
- Vendor
- Linux kernel
- Product
- qla2xxx driver
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-08
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-05-08
- Advisory updated
- 2026-07-08
Who should care
System administrators and users of Linux kernel versions 5.15.154 to 5.16, 6.1.84 to 6.2, 6.6.24 to 6.7, 6.7.12 to 6.8, 6.8.3 to 6.9, and 6.9.1 to 6.19.9 should apply the patches provided by the Linux kernel maintainers to prevent exploitation. Affected operator, platform, vulnerability-management, and security-team impact should be reviewed.
Technical summary
The vulnerability is caused by a double free of fcport in the qla2xxx driver. When an error occurs, the qla2x00_els_dcmd_sp_free() function is called by qla2x00_sp_release(), which frees the fcport by calling qla2x00_free_fcport(). Calling this function again after kref_put() releases the reference is a bad idea and can lead to a crash or potentially allow an attacker to execute arbitrary code. The vulnerability affects Linux kernel versions 5.15.154 to 5.16, 6.1.84 to 6.2, 6.6.24 to 6.7, 6.7.12 to 6.8, 6.8.3 to 6.9, and 6.9.1 to 6.19.9.
Defensive priority
High
Recommended defensive actions
- Apply the patches provided by the Linux kernel maintainers
- Update to a patched version of the Linux kernel
- Monitor system logs for potential exploitation attempts
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability has been resolved by the Linux kernel maintainers. Patches are available for affected versions. Evidence is limited, and defenders should verify the accuracy of affected scope and vendor guidance. The CVE record was published on 2026-05-08T15:16:53.353Z and has not been modified since then. The NVD entry is currently Analyzed. Additional verification is recommended to ensure the accuracy of the information.
Official resources
-
CVE-2026-43414 CVE record
CVE.org
-
CVE-2026-43414 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-08T15:16:53.353Z and has not been modified since then. The NVD entry is currently Analyzed.