CVE-2026-23112
Published: Feb 13, 2026
Modified: Jun 2, 2026
CVSS v3.1
9.8
Description
In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec.

| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 872d26a391da92ed8f0c0f5cb5fef428067b7f30 - < 0b9981751be14b59b4473383c731c833738aebdb; affected 872d26a391da92ed8f0c0f5cb5fef428067b7f30 - < 42afe8ed8ad2de9c19457156244ef3e1eca94b5d; affected 872d26a391da92ed8f0c0f5cb5fef428067b7f30 - < 1385be357e8acd09b36e026567f3a9d5c61139de; affected 872d26a391da92ed8f0c0f5cb5fef428067b7f30 - < dca1a6ba0da9f472ef040525fab10fd9956db59f; affected 872d26a391da92ed8f0c0f5cb5fef428067b7f30 - < 19672ae68d52ff75347ebe2420dde1b07adca09f; +2 more versions |
| Linux | Linux | affected 5.0; unaffected 0 - < 5.0; unaffected 5.10.253 - <= 5.10.*; unaffected 5.15.200 - <= 5.15.*; unaffected 6.1.163 - <= 6.1.*; +4 more versions |

CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
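Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L)
Privileges Required: None (PR:N)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)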