CVE-2025-68741: scsi: qla2xxx: Fix improper freeing of purex item
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix improper freeing of purex item
In qla2xxx_process_purls_iocb(), an item is allocated via
qla27xx_copy_multiple_pkt(), which internally calls
qla24xx_alloc_purex_item().
The qla24xx_alloc_purex_item() function may return a pre-allocated item
from a per-adapter pool for small allocations, instead of dynamically
allocating memory with kzalloc().
An error handling path in qla2xxx_process_purls_iocb() incorrectly uses
kfree() to release the item. If the item was from the pre-allocated
pool, calling kfree() on it is a bug that can lead to memory corruption.
Fix this by using the correct deallocation function,
qla24xx_free_purex_item(), which properly handles both dynamically
allocated and pre-allocated items.
Security readout for executives and security teams
Plain-English summary
CVE-2025-68741 is a Linux kernel qla2xxx storage-driver memory-management bug. An error path can free a driver-managed object incorrectly, which may corrupt kernel memory. The public record does not provide CVSS scoring, confirmed exploitation, or complete operational impact details.
Executive priority
Treat as a targeted infrastructure hygiene issue, not an internet-wide emergency based on current evidence. Prioritize affected storage servers because kernel memory corruption can affect availability and system integrity.
Technical view
In qla2xxx_process_purls_iocb(), qla27xx_copy_multiple_pkt() can obtain a purex item from qla24xx_alloc_purex_item(). Some items come from a pre-allocated per-adapter pool, but an error path used kfree() instead of qla24xx_free_purex_item(), risking memory corruption.
Likely exposure
Exposure is most likely on Linux systems using the qla2xxx SCSI/Fibre Channel driver on affected kernel builds before the referenced stable fixes. Organizations without QLogic qla2xxx-dependent storage paths are less likely to be exposed.
Exploitation context
The source bundle marks KEV as false and provides no cited evidence of active exploitation or public exploit tooling. The vulnerability is a kernel driver memory-corruption issue, so impact depends on reachability of the affected qla2xxx error path.
Researcher notes
The record attributes the flaw to incorrect deallocation of purex items that may originate from a pool, not kzalloc(). The fix changes cleanup to qla24xx_free_purex_item(). No CVSS, CWE, exploitability analysis, or trigger preconditions are provided.
Mitigation direction
Apply Linux kernel updates containing the referenced qla2xxx fixes.
Check distribution vendor advisories for backported patched kernels.
Prioritize storage hosts using qla2xxx/QLogic Fibre Channel adapters.
Avoid unsupported kernel builds missing the stable fix commits.
Validation and detection
Inventory Linux hosts and kernel versions.
Identify systems loading or depending on the qla2xxx driver.
Confirm installed kernels include the referenced stable commits or vendor backports.
Review storage-driver logs for qla2xxx-related instability after patching.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2025-68741 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.