CVE-2026-46105

HIGH 7.8

scsi: mpt3sas: Limit NVMe request size to 2 MiB

CVSS Score

7.8

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 512 entries, the driver supports a maximum I/O transfer size of 2 MiB. Limit max_hw_sectors to the smaller of the reported MDTS and the 2 MiB driver limit to prevent issuing oversized I/O that may lead to a kernel oops.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	May 28, 2026
Last Updated	May 30, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Linux / Linux

9b8b84879d4adc506b0d3944e20b28d9f3f6994b < 45dcc815fc5539e88154315f36cbcb11d3a52fc2 9b8b84879d4adc506b0d3944e20b28d9f3f6994b < e5f9824817c6358b9f9738bdb92dec9e4e794d3c 9b8b84879d4adc506b0d3944e20b28d9f3f6994b < 04631f55afc543d5431a2bdee7f6cc0f2c0debe7

Linux / Linux

6.17

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/45dcc815fc5539e88154315f36cbcb11d3a52fc2 git.kernel.org: https://git.kernel.org/stable/c/e5f9824817c6358b9f9738bdb92dec9e4e794d3c git.kernel.org: https://git.kernel.org/stable/c/04631f55afc543d5431a2bdee7f6cc0f2c0debe7