Description
In the Linux kernel, the following vulnerability has been resolved:

nvmet-fcloop: Check remoteport port_state before calling done callback

In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when
remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the
nvme_fc_xmt_ls_rsp's LLDD call to lport->ops->xmt_ls_rsp is expected to
fail and the nvme-fc transport layer itself will directly call
nvme_fc_xmt_ls_rsp_free instead of relying on LLDD's done callback to free
the lsrsp resources.

Update the fcloop_t2h_xmt_ls_rsp routine to check remoteport->port_state.
If online, then lsrsp->done callback will free the lsrsp. Else, return
-ENODEV to signal the nvme-fc transport to handle freeing lsrsp.
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via improper resource handling
Action: Patch Update
AI Analysis

Impact

In the Linux kernel’s NVMe‑FC loopback implementation, a callback intended to free a response structure is only set when the remote port is online. When the remote port is offline, the structure is freed by an alternate path, which can lead to improper resource cleanup. This improper resource management may cause memory leaks or kernel crashes, threatening system availability. Based on the description, it is inferred that an attacker could trigger this flaw by sending crafted NVMe‑FC loopback requests that cause remote port state changes, resulting in delayed or duplicated cleanup operations.

Affected Systems

The flaw is confined to the Linux kernel’s NVMe‑FC subsystem, specifically the nvmet‑fcloop component. All installations running a kernel version prior to the mitigate commit are vulnerable. The fixed code resides in the NVMe‑FC loopback handling routine and is incorporated into the latest stable kernel releases.

Risk and Exploitability

The CVSS score of 5.5 classifies the issue as moderate severity, while an EPSS score below 1% and absence from CISA’s KEV catalog indicate a low exploitation likelihood. Based on the description, it is inferred that the attack vector most likely requires local privilege or the ability to send crafted NVMe‑FC loopback requests. This suggests remote exploitation is unlikely, but the potential denial‑of‑service impact warrants timely patching.

Generated by OpenCVE AI on April 28, 2026 at 17:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check your distribution’s repository or vendor site for the latest kernel that includes the nvmet‑fcloop fix
  • Apply the update and reboot into the new kernel
  • If an updated kernel is not yet available, consider disabling NVMe‑FC loopback functionality until the patch is released
  • Monitor vendor advisories for future updates

Generated by OpenCVE AI on April 28, 2026 at 17:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 24 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.18:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-414
References
Metrics threat_severity

None

 cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

threat_severity

Low

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback is only set when remoteport->port_state is FC_OBJSTATE_ONLINE. Otherwise, the nvme_fc_xmt_ls_rsp's LLDD call to lport->ops->xmt_ls_rsp is expected to fail and the nvme-fc transport layer itself will directly call nvme_fc_xmt_ls_rsp_free instead of relying on LLDD's done callback to free the lsrsp resources. Update the fcloop_t2h_xmt_ls_rsp routine to check remoteport->port_state. If online, then lsrsp->done callback will free the lsrsp. Else, return -ENODEV to signal the nvme-fc transport to handle freeing lsrsp.
Title nvmet-fcloop: Check remoteport port_state before calling done callback
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:05:40.786Z

Reserved: 2026-01-13T15:37:46.003Z

Link: CVE-2026-23376

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T11:16:37.383

Modified: 2026-04-24T16:21:52.913

Link: CVE-2026-23376

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23376 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T17:00:13Z

Weaknesses