CVE-2025-68741

NONE EPSS 6.7%
Published Dec 24, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix improper freeing of purex item

In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item().

The qla24xx_alloc_purex_item() function may return a pre-allocated item from a per-adapter pool for small allocations, instead of dynamically allocating memory with kzalloc().

An error handling path in qla2xxx_process_purls_iocb() incorrectly uses kfree() to release the item. If the item was from the pre-allocated pool, calling kfree() on it is a bug that can lead to memory corruption.

Fix this by using the correct deallocation function, qla24xx_free_purex_item(), which properly handles both dynamically allocated and pre-allocated items.
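The bug class described above, as an added user-space model (not the qla2xxx driver's code): an allocator that can hand out either an item embedded in its owner or a heap item needs a release function that checks where the pointer came from. All names here (`struct adapter`, `item_alloc`, `item_free`, `POOL_ITEM_MAX`, `process_packet`) are hypothetical, and `calloc()`/`free()` stand in for `kzalloc()`/`kfree()`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#define POOL_ITEM_MAX 64            /* assumed "small allocation" threshold */

struct item { size_t size; unsigned char data[POOL_ITEM_MAX]; };
struct adapter {
    struct item pool_item;          /* pre-allocated, lives inside the adapter */
    bool pool_in_use;
    int heap_frees;                 /* counts real free() calls, for the demo */
};

/* Small requests get the embedded item when it is idle; the rest use the heap. */
struct item *item_alloc(struct adapter *a, size_t size)
{
    if (size <= POOL_ITEM_MAX && !a->pool_in_use) {
        a->pool_in_use = true;
        a->pool_item.size = size;
        return &a->pool_item;
    }
    struct item *it = calloc(1, sizeof(*it) + size);  /* room for large payloads */
    if (it) it->size = size;
    return it;
}

/* True when the pointer is the embedded item, which must never reach free(). */
bool item_is_pooled(const struct adapter *a, const struct item *it)
{
    return it == &a->pool_item;
}

/* Origin-aware release: the only safe way to drop an item from item_alloc(). */
void item_free(struct adapter *a, struct item *it)
{
    if (!it) return;
    if (item_is_pooled(a, it)) {
        a->pool_in_use = false;     /* hand the slot back to the pool */
    } else {
        free(it);                   /* genuine heap item */
        a->heap_frees++;
    }
}

/* Caller with an error path; free(it) here instead of item_free() is the bug. */
int process_packet(struct adapter *a, size_t size, bool parse_error)
{
    struct item *it = item_alloc(a, size);
    if (!it) return -1;
    item_free(a, it);               /* same release call on error and success */
    return parse_error ? -2 : 0;
}
```

The defect only triggers when the request is small enough to be served from the pool, which is why a raw `free()` in a rarely taken error path can pass testing with larger inputs.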

Threat Intelligence

EPSS Exploit Probability
6.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 5

  • git.kernel.org https://git.kernel.org/stable/c/4bccd506a1f1ab01d1f45b2a3effff6bedc73cf9
  • git.kernel.org https://git.kernel.org/stable/c/5fa1c8226b4532ad7011d295d3ab4ad45df105ae
  • git.kernel.org https://git.kernel.org/stable/c/78b1a242fe612a755f2158fd206ee6bb577d18ca
  • git.kernel.org https://git.kernel.org/stable/c/8e9f0a0717ba31d5842721627ade1e62d7aec012
  • git.kernel.org https://git.kernel.org/stable/c/cfe3e2f768d248fd3d965d561d0768a56dd0b9f8

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.