๐Ÿ” CVE Alert

CVE-2026-23112

CRITICAL 9.8

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

CVSS Score
9.8
EPSS Score
0.1%
EPSS Percentile
21th

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Feb 13, 2026
Last Updated Apr 3, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new critical vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
872d26a391da92ed8f0c0f5cb5fef428067b7f30 < 043b4307a99f902697349128fde93b2ddde4686c 872d26a391da92ed8f0c0f5cb5fef428067b7f30 < 42afe8ed8ad2de9c19457156244ef3e1eca94b5d 872d26a391da92ed8f0c0f5cb5fef428067b7f30 < 1385be357e8acd09b36e026567f3a9d5c61139de 872d26a391da92ed8f0c0f5cb5fef428067b7f30 < dca1a6ba0da9f472ef040525fab10fd9956db59f 872d26a391da92ed8f0c0f5cb5fef428067b7f30 < 19672ae68d52ff75347ebe2420dde1b07adca09f 872d26a391da92ed8f0c0f5cb5fef428067b7f30 < ab200d71553bdcf4de554a5985b05b2dd606bc57 872d26a391da92ed8f0c0f5cb5fef428067b7f30 < 52a0a98549344ca20ad81a4176d68d28e3c05a5c
Linux / Linux
5.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/043b4307a99f902697349128fde93b2ddde4686c git.kernel.org: https://git.kernel.org/stable/c/42afe8ed8ad2de9c19457156244ef3e1eca94b5d git.kernel.org: https://git.kernel.org/stable/c/1385be357e8acd09b36e026567f3a9d5c61139de git.kernel.org: https://git.kernel.org/stable/c/dca1a6ba0da9f472ef040525fab10fd9956db59f git.kernel.org: https://git.kernel.org/stable/c/19672ae68d52ff75347ebe2420dde1b07adca09f git.kernel.org: https://git.kernel.org/stable/c/ab200d71553bdcf4de554a5985b05b2dd606bc57 git.kernel.org: https://git.kernel.org/stable/c/52a0a98549344ca20ad81a4176d68d28e3c05a5c