CVE-2024-26930

Advisory lineage Upstream: 0 Downstream: 97

Downstream

DEBIAN-CVE-2024-26930 RHSA-2024:5066 RHSA-2024:5067 RHSA-2024:6997 SUSE-SU-2024:1643-1 SUSE-SU-2024:1646-1

Analyzed

Published: 01 May 2024, 05:17

Last modified:11 May 2026, 20:07

Vulnerability Summary

Overall Risk (default)

medium

31/100

CVSS Score

7.8 HIGH

v3.1 (nvd)

EPSS Score

0.01% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 May 2024, 05:17

Published

Vulnerability first disclosed

11 May 2026, 20:07

Last Modified

Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL.

CVSS Metrics

v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01%• Percentile: 3%

Techniques & Countermeasures

CWE-415•Double Free
The product calls free() twice on the same memory address.

Affected Systems

linux•linux
≥ 430eef03a763e5e76a371ba6d02779ae4a64b6ea, < f14cee7a882cb79528f17a2335f53e9fd1848467 | ≥ 430eef03a763e5e76a371ba6d02779ae4a64b6ea, < b7deb675d674f44e0ddbab87fee8f9f098925e73 | ≥ 430eef03a763e5e76a371ba6d02779ae4a64b6ea, < 825d63164a2e6bacb059a9afb5605425b485413f | ≥ 430eef03a763e5e76a371ba6d02779ae4a64b6ea, < e288285d47784fdcf7c81be56df7d65c6f10c58b | 6.3
linux•linux_kernel
≥ 6.3, < 6.6.24 | ≥ 6.7, < 6.7.12 | ≥ 6.8, < 6.8.3 | 6.9:rc1