CVE-2026-43414 is a critical-severity double-free and use-after-free memory corruption vulnerability in the qla2xxx Fibre Channel driver within the Linux kernel, specifically affecting Microsoft Azure Linux 3.0 systems running kernel package azl3 6.6.139.1-1. A local attacker can exploit heap corruption to escalate privileges or crash the system. The vulnerability is not in CISA KEV, exploitation in the wild has not been observed, and EPSS is very low, but the CVSS score is 9.8 and the patch is described by Microsoft as completely fixing a previously only partially mitigated condition.