CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: qla2xxx: Sanitize payload size to prevent member overflow<br /> <br /> In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the frame_size<br /> reported by firmware is used to calculate the copy length into<br /> item-&gt;iocb. However, the iocb member is defined as a fixed-size 64-byte<br /> array within struct purex_item.<br /> <br /> If the reported frame_size exceeds 64 bytes, subsequent memcpy calls will<br /> overflow the iocb member boundary. While extra memory might be allocated,<br /> this cross-member write is unsafe and triggers warnings under<br /> CONFIG_FORTIFY_SOURCE.<br /> <br /> Fix this by capping total_bytes to the size of the iocb member (64 bytes)<br /> before allocation and copying. This ensures all copies remain within the<br /> bounds of the destination structure member.