CVE-2026-23376

UNKNOWN 0.0

nvmet-fcloop: Check remoteport port_state before calling done callback

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the nvme_fc_xmt_ls_rsp's LLDD call to lport->ops->xmt_ls_rsp is expected to fail and the nvme-fc transport layer itself will directly call nvme_fc_xmt_ls_rsp_free instead of relying on LLDD's done callback to free the lsrsp resources. Update the fcloop_t2h_xmt_ls_rsp routine to check remoteport->port_state. If online, then lsrsp->done callback will free the lsrsp. Else, return -ENODEV to signal the nvme-fc transport to handle freeing lsrsp.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Mar 25, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

10c165af35d225eb033f4edc7fcc699a8d2d533d < f30b95159a53e72529a9ca1667f11cd1970240a7 10c165af35d225eb033f4edc7fcc699a8d2d533d < 31d3817bcd9e192b30abe3cf4b68f69d48864dd2 10c165af35d225eb033f4edc7fcc699a8d2d533d < dd677d0598387ea623820ab2bd0e029c377445a3 2cf857075bcc8e83c4aa5fe7d8f1efd6af51e04e

Linux / Linux

6.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/f30b95159a53e72529a9ca1667f11cd1970240a7 git.kernel.org: https://git.kernel.org/stable/c/31d3817bcd9e192b30abe3cf4b68f69d48864dd2 git.kernel.org: https://git.kernel.org/stable/c/dd677d0598387ea623820ab2bd0e029c377445a3