qla2xxx

About this tag
The qla2xxx tag covers the Linux kernel driver for QLogic Fibre Channel host bus adapters used in storage and SAN environments. Content focuses on security vulnerabilities (CVE-2024-42287, CVE-2025-68741, CVE-2025-68745) involving race conditions, memory corruption, and DMA unmapping bugs that can cause kernel crashes or data corruption. Discussions include upstream patches, distribution kernel updates, and proper fix procedures for enterprise IT administrators managing Linux-based storage servers.
  1. CVE-2024-42287: Linux qla2xxx Race Causes Kernel OOPS and Patch Guide

    A subtle race in the Linux SCSI qla2xxx driver that could crash hosts during NPIV or firmware reset sequences has been publicly documented as CVE-2024-42287; upstream maintainers have issued a targeted fix (complete command handling while holding the driver lock) and major distributions have...
  2. CVE-2025-68741: Linux qla2xxx memory corruption fix replacing kfree

    A subtle but consequential memory-handling bug in the Linux kernel’s qla2xxx SCSI driver has been assigned CVE-2025-68741 and patched upstream: an error path in qla2xxx_process_purls_iocb used kfree to release a structure that may have been drawn from a per-adapter pre‑allocated pool, which can...
  3. Linux Kernel CVE-2025-68745: qla2xxx DMA Unmap Race Reverted and Fixed

    The Linux kernel received a targeted fix for CVE-2025-68745 — a qla2xxx driver regression that caused SCSI target commands to become stuck after a chip reset and introduced dangerous race conditions around DMA unmapping — and maintainers responded by reverting the offending changes and applying...