Description
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_purex_item() function may return a pre-allocated item from a per-adapter pool for small allocations, instead of dynamically allocating memory with kzalloc(). An error handling path in qla2xxx_process_purls_iocb() incorrectly uses kfree() to release the item. If the item was from the pre-allocated pool, calling kfree() on it is a bug that can lead to memory corruption. Fix this by using the correct deallocation function, qla24xx_free_purex_item(), which properly handles both dynamically allocated and pre-allocated items.
Product status
875386b98857822b77ac7f95bdf367b70af5b78c (git) before 8e9f0a0717ba31d5842721627ade1e62d7aec012
875386b98857822b77ac7f95bdf367b70af5b78c (git) before cfe3e2f768d248fd3d965d561d0768a56dd0b9f8
875386b98857822b77ac7f95bdf367b70af5b78c (git) before 5fa1c8226b4532ad7011d295d3ab4ad45df105ae
875386b98857822b77ac7f95bdf367b70af5b78c (git) before 78b1a242fe612a755f2158fd206ee6bb577d18ca
6.6
Any version before 6.6
6.12.63 (semver)
6.17.13 (semver)
6.18.2 (semver)
6.19-rc1 (original_commit_for_fix)
References
git.kernel.org/...c/8e9f0a0717ba31d5842721627ade1e62d7aec012
git.kernel.org/...c/cfe3e2f768d248fd3d965d561d0768a56dd0b9f8
git.kernel.org/...c/5fa1c8226b4532ad7011d295d3ab4ad45df105ae
git.kernel.org/...c/78b1a242fe612a755f2158fd206ee6bb577d18ca
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
