Main Vulnerability Database SB2026020545

SB2026020545 - Buffer overflow in Linux kernel scsi qla2xxx driver

Published: February 5, 2026

Security Bulletin ID SB2026020545

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2026-23059)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qla27xx_copy_multiple_pkt() and qla27xx_copy_fpin_pkt() functions in drivers/scsi/qla2xxx/qla_isr.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/1922468a4a80424e5a69f7ba50adcee37f4722e9
https://git.kernel.org/stable/c/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414
https://git.kernel.org/stable/c/408bfa8d70f79ac696cec1bdbdfb3bf43a02e6d0
https://git.kernel.org/stable/c/aa14451fa5d5f2de919384c637e2a8c604e1a1fe