CVE-2026-23376

In nvmefchandlelsrqstwork, the lsrsp->done callback is only set when remoteport->portstate is FCOBJSTATEONLINE. Otherwise, the nvmefcxmtlsrsp's LLDD call to lport->ops->xmtlsrsp is expected to fail and the nvme-fc transport layer itself will directly call nvmefcxmtlsrsp_free instead of relying on LLDD's done callback to free the lsrsp resources.

Update the fcloopt2hxmtlsrsp routine to check remoteport->port_state. If online, then lsrsp->done callback will free the lsrsp. Else, return -ENODEV to signal the nvme-fc transport to handle freeing lsrsp.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23376.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

10c165af35d225eb033f4edc7fcc699a8d2d533d

Fixed

f30b95159a53e72529a9ca1667f11cd1970240a7

Fixed

31d3817bcd9e192b30abe3cf4b68f69d48864dd2

Fixed

dd677d0598387ea623820ab2bd0e029c377445a3

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2cf857075bcc8e83c4aa5fe7d8f1efd6af51e04e

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23376.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.17

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.7

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23376.json"