CVE-2026-23059

scsi: qla2xxx: Sanitize payload size to prevent member overflow

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size
reported by firmware is used to calculate the copy length into
item->iocb. However, the iocb member is defined as a fixed-size 64-byte
array within struct purex_item. If the reported frame_size exceeds 64 bytes, subsequent memcpy calls will
overflow the iocb member boundary. While extra memory might be allocated,
this cross-member write is unsafe and triggers warnings under
CONFIG_FORTIFY_SOURCE. Fix this by capping total_bytes to the size of the iocb member (64 bytes)
before allocation and copying. This ensures all copies remain within the
bounds of the destination structure member.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.69-1.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-02-04 CVE Published
2026-02-09 CVE Updated
2026-04-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/875386b98857822b77ac7f95bdf367b70af5b78c	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/408bfa8d70f79ac696cec1bdbdfb3bf43a02e6d0	2026-01-30
https://git.kernel.org/stable/c/1922468a4a80424e5a69f7ba50adcee37f4722e9	2026-01-30
https://git.kernel.org/stable/c/aa14451fa5d5f2de919384c637e2a8c604e1a1fe	2026-01-30
https://git.kernel.org/stable/c/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414	2026-01-17

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.6.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.6.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.12.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.12.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.18.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.18.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6 < 6.19"		en		Affected