In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_stream. When a write command fd_execute_rw_aio() is executed, we may get a bogus ki_write_stream value, causing unintended write failure status when checking iocb->ki_write_stream > max_write_streams in the block device. Let's just use kzalloc_flex when allocating the aio_cmd and let ki_write_stream=0 to fix this issue.

A flaw was found in the Linux kernel's SCSI target file module. When a write command is executed, the `aio_cmd->iocb` for the `ki_write_stream` is not initialized. This can lead to an incorrect `ki_write_stream` value, causing unintended write failures in the block device. This vulnerability can result in a Denial of Service (DoS) for applications attempting to write data.

SCSI target FILEIO aio_cmd allocation now uses flexible kzalloc sizing, avoiding underallocation for large aio vectors. Red Hat recommends updated kernels for LIO FILEIO backends. Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43055 https://nvd.nist.gov/vuln/detail/CVE-2026-43055 https://lore.kernel.org/linux-cve-announce/2026050108-CVE-2026-43055-5bb1@gregkh/T