CVE-2026-23059 scsi: qla2xxx: Sanitize payload size to prevent member overflow

🗓️ 04 Feb 2026 16:07:42Reported by LinuxType

Sanitize payload size in qla2xxx to prevent iocb overflow by capping to 64 bytes before copy.

Reporter	Title	Published	Views	Family All 102
ATTACKERKB	CVE-2026-23059	4 Feb 202616:07	–	attackerkb
AstraLinux	Astra Linux - уязвимость в linux-5.10	20 May 202605:53	–	astralinux
CBLMariner	CVE-2026-23059 affecting package kernel for versions less than 6.6.126.1-1	10 Mar 202622:56	–	cbl_mariner
Circl	CVE-2026-23059	1 Jun 202618:00	–	circl
CNNVD	Linux kernel 安全漏洞	4 Feb 202600:00	–	cnnvd
CVE	CVE-2026-23059	4 Feb 202616:07	–	cve
Debian	[SECURITY] [DSA 6126-1] linux security update	9 Feb 202618:21	–	debian
Debian CVE	CVE-2026-23059	4 Feb 202616:07	–	debiancve
Tenable Nessus	Debian dsa-6126 : ata-modules-6.12.31-armmp-di - security update	9 Feb 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20416-1)	29 Mar 202600:00	–	nessus

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/qla2xxx/qla_isr.c"
    ],
    "versions": [
      {
        "version": "875386b98857822b77ac7f95bdf367b70af5b78c",
        "lessThan": "408bfa8d70f79ac696cec1bdbdfb3bf43a02e6d0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "875386b98857822b77ac7f95bdf367b70af5b78c",
        "lessThan": "1922468a4a80424e5a69f7ba50adcee37f4722e9",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "875386b98857822b77ac7f95bdf367b70af5b78c",
        "lessThan": "aa14451fa5d5f2de919384c637e2a8c604e1a1fe",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "875386b98857822b77ac7f95bdf367b70af5b78c",
        "lessThan": "19bc5f2a6962dfaa0e32d0e0bc2271993d85d414",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/scsi/qla2xxx/qla_isr.c"
    ],
    "versions": [
      {
        "version": "6.6",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "6.6",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.6.122",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.12.68",
        "lessThanOrEqual": "6.12.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.18.8",
        "lessThanOrEqual": "6.18.*",
        "status": "unaffected",
        "versionType": "semver"
      },
      {
        "version": "6.19",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Source	Link
git	www.git.kernel.org/stable/c/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414
git	www.git.kernel.org/stable/c/1922468a4a80424e5a69f7ba50adcee37f4722e9
git	www.git.kernel.org/stable/c/408bfa8d70f79ac696cec1bdbdfb3bf43a02e6d0
git	www.git.kernel.org/stable/c/aa14451fa5d5f2de919384c637e2a8c604e1a1fe

11 May 2026 21:59Current

EPSS0.00168