CVE-2026-23355Incomplete Cleanup in Linux

CWE-459Incomplete Cleanup7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN_ON() in ata_scsi_deferred_qc_work(), caused by ap->ops->qc_defer() returning non-zero before issuing the deferred qc. ata_scsi_schedule_deferred_qc() is called during each command completion. This function will check if there is a deferred QC, and if ap->ops->qc_defer() returns zero, meaning that it is possible to queue the deferred qc at this

Affected Packages4 packages

Linuxlinux/linux_kernel6.19.06.19.7+1
Debianlinux/linux_kernel< 6.19.8-1
CVEListV5linux/linuxce22aaed011206fed9cbd8c9c2d44718607f31ee0d12453818c35e1ded84633152c6b05002ae48b9+7
debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

3
OSV
ata: libata: cancel pending work after clearing deferred_qc2026-03-25
GHSA
GHSA-8672-3h73-hv9p: In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WA2026-03-25
OSV
CVE-2026-23355: In the Linux kernel, the following vulnerability has been resolved: ata: libata: cancel pending work after clearing deferred_qc Syzbot reported a WARN2026-03-25

📋Vendor Advisories

2
Red Hat
kernel: ata: libata: cancel pending work after clearing deferred_qc2026-03-25
Debian
CVE-2026-23355: linux - In the Linux kernel, the following vulnerability has been resolved: ata: libata...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23355 Impact, Exploitability, and Mitigation Steps | Wiz