In the Linux kernel, the following vulnerability has been resolved:
scsi: target: file: Use kzallocflex for aiocmd
The targetcorefile doesn't initialize the aiocmd->iocb for the kiwritestream. When a write command fdexecuterwaio() is executed, we may get a bogus kiwritestream value, causing unintended write failure status when checking iocb->kiwritestream > maxwritestreams in the block device.
Let's just use kzallocflex when allocating the aiocmd and let kiwritestream=0 to fix this issue.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43055.json",
"cna_assigner": "Linux"
}