{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T00:56:20.013","vulnerabilities":[{"cve":{"id":"CVE-2026-23059","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-04T17:16:16.583","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Sanitize payload size to prevent member overflow\n\nIn qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size\nreported by firmware is used to calculate the copy length into\nitem->iocb. However, the iocb member is defined as a fixed-size 64-byte\narray within struct purex_item.\n\nIf the reported frame_size exceeds 64 bytes, subsequent memcpy calls will\noverflow the iocb member boundary. While extra memory might be allocated,\nthis cross-member write is unsafe and triggers warnings under\nCONFIG_FORTIFY_SOURCE.\n\nFix this by capping total_bytes to the size of the iocb member (64 bytes)\nbefore allocation and copying. This ensures all copies remain within the\nbounds of the destination structure member."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nscsi: qla2xxx: Sanitizar el tamaño de la carga útil para prevenir el desbordamiento de miembro\n\nEn qla27xx_copy_fpin_pkt() y qla27xx_copy_multiple_pkt(), el frame_size reportado por el firmware se utiliza para calcular la longitud de la copia en item->iocb. Sin embargo, el miembro iocb se define como un array de tamaño fijo de 64 bytes dentro de la estructura purex_item.\n\nSi el frame_size reportado excede los 64 bytes, las llamadas subsiguientes a memcpy desbordarán el límite del miembro iocb. Aunque se podría asignar memoria adicional, esta escritura entre miembros es insegura y activa advertencias bajo CONFIG_FORTIFY_SOURCE.\n\nSolucione esto limitando total_bytes al tamaño del miembro iocb (64 bytes) antes de la asignación y la copia. Esto asegura que todas las copias permanezcan dentro de los límites del miembro de la estructura de destino."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/1922468a4a80424e5a69f7ba50adcee37f4722e9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/19bc5f2a6962dfaa0e32d0e0bc2271993d85d414","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/408bfa8d70f79ac696cec1bdbdfb3bf43a02e6d0","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/aa14451fa5d5f2de919384c637e2a8c604e1a1fe","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}