{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68741","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-24T10:30:51.030Z","datePublished":"2025-12-24T12:09:38.655Z","dateUpdated":"2026-05-11T21:52:26.920Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:52:26.920Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix improper freeing of purex item\n\nIn qla2xxx_process_purls_iocb(), an item is allocated via\nqla27xx_copy_multiple_pkt(), which internally calls\nqla24xx_alloc_purex_item().\n\nThe qla24xx_alloc_purex_item() function may return a pre-allocated item\nfrom a per-adapter pool for small allocations, instead of dynamically\nallocating memory with kzalloc().\n\nAn error handling path in qla2xxx_process_purls_iocb() incorrectly uses\nkfree() to release the item. If the item was from the pre-allocated\npool, calling kfree() on it is a bug that can lead to memory corruption.\n\nFix this by using the correct deallocation function,\nqla24xx_free_purex_item(), which properly handles both dynamically\nallocated and pre-allocated items."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/qla2xxx/qla_nvme.c"],"versions":[{"version":"875386b98857822b77ac7f95bdf367b70af5b78c","lessThan":"4bccd506a1f1ab01d1f45b2a3effff6bedc73cf9","status":"affected","versionType":"git"},{"version":"875386b98857822b77ac7f95bdf367b70af5b78c","lessThan":"8e9f0a0717ba31d5842721627ade1e62d7aec012","status":"affected","versionType":"git"},{"version":"875386b98857822b77ac7f95bdf367b70af5b78c","lessThan":"cfe3e2f768d248fd3d965d561d0768a56dd0b9f8","status":"affected","versionType":"git"},{"version":"875386b98857822b77ac7f95bdf367b70af5b78c","lessThan":"5fa1c8226b4532ad7011d295d3ab4ad45df105ae","status":"affected","versionType":"git"},{"version":"875386b98857822b77ac7f95bdf367b70af5b78c","lessThan":"78b1a242fe612a755f2158fd206ee6bb577d18ca","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/scsi/qla2xxx/qla_nvme.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"6.6.120","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.63","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.13","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18.2","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.120"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.12.63"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.17.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.18.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4bccd506a1f1ab01d1f45b2a3effff6bedc73cf9"},{"url":"https://git.kernel.org/stable/c/8e9f0a0717ba31d5842721627ade1e62d7aec012"},{"url":"https://git.kernel.org/stable/c/cfe3e2f768d248fd3d965d561d0768a56dd0b9f8"},{"url":"https://git.kernel.org/stable/c/5fa1c8226b4532ad7011d295d3ab4ad45df105ae"},{"url":"https://git.kernel.org/stable/c/78b1a242fe612a755f2158fd206ee6bb577d18ca"}],"title":"scsi: qla2xxx: Fix improper freeing of purex item","x_generator":{"engine":"bippy-1.2.0"}}}}