UBUNTU-CVE-2026-23112

Advisory lineage: Upstream: 1, Downstream: 15
Published: 13 Feb 2026, 14:16
Last modified: 03 Jun 2026, 13:40

Vulnerability Summary

Overall Risk (default): high, 70/100
CVSS Score: 9.8 CRITICAL (v3.1, osv_ubuntu)
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

  • 13 Feb 2026, 14:16: Published (vulnerability first disclosed)
  • 03 Jun 2026, 13:40: Last Modified (vulnerability information updated)

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec.

CVSS Metrics

  • v3.1, CRITICAL, Score: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Systems

  • ubuntu / linux

    all | all | all | all | < 5.4.0-229.249 | < 5.15.0-177.187 | < 6.8.0-111.111 | < 6.17.0-23.23

  • ubuntu / linux-allwinner-5.19

    all

  • ubuntu / linux-aws

    all | all | all | all | < 5.4.0-1158.168 | < 5.15.0-1106.113 | < 6.8.0-1053.56 | < 6.17.0-1013.13

  • ubuntu / linux-aws-5.0

    all

  • ubuntu / linux-aws-5.11

    all

  • ubuntu / linux-aws-5.13

    all

  • ubuntu / linux-aws-5.15

    all | < 5.15.0-1106.113~20.04.1

  • ubuntu / linux-aws-5.19

    all

  • ubuntu / linux-aws-5.3

    all

  • ubuntu / linux-aws-5.4

    all | < 5.4.0-1158.168~18.04.1

  • ubuntu / linux-aws-5.8

    all

  • ubuntu / linux-aws-6.14

    all

  • ubuntu / linux-aws-6.17

    all | < 6.17.0-1013.13~24.04.1

  • ubuntu / linux-aws-6.2

    all

  • ubuntu / linux-aws-6.5

    all

  • ubuntu / linux-aws-6.8

    all | < 6.8.0-1053.56~22.04.1

  • ubuntu / linux-aws-fips

    < 5.4.0-1158.168+fips1 | all | < 5.15.0-1106.113+fips1 | < 6.8.0-1053.56+fips1

  • ubuntu / linux-azure

    all | all | all | all | all | < 5.4.0-1162.168 | < 5.15.0-1111.120 | < 6.8.0-1054.60 | < 6.17.0-1013.13

  • ubuntu / linux-azure-5.11

    all

  • ubuntu / linux-azure-5.13

    all

  • ubuntu / linux-azure-5.15

    all | < 5.15.0-1111.120~20.04.1

  • ubuntu / linux-azure-5.19

    all

  • ubuntu / linux-azure-5.3

    all

  • ubuntu / linux-azure-5.4

    all | < 5.4.0-1162.168~18.04.1

  • ubuntu / linux-azure-5.8

    all

  • ubuntu / linux-azure-6.11

    all

  • ubuntu / linux-azure-6.14

    all

  • ubuntu / linux-azure-6.17

    all | < 6.17.0-1013.13~24.04.1

  • ubuntu / linux-azure-6.2

    all

  • ubuntu / linux-azure-6.5

    all

  • ubuntu / linux-azure-6.8

    all

  • ubuntu / linux-azure-edge

    all

  • ubuntu / linux-azure-fde

    all | all | all | all

  • ubuntu / linux-azure-fde-5.19

    all

  • ubuntu / linux-azure-fde-6.14

    all

  • ubuntu / linux-azure-fde-6.17

    all

  • ubuntu / linux-azure-fde-6.2

    all

  • ubuntu / linux-azure-fde-6.8

    all

  • ubuntu / linux-azure-fips

    < 5.4.0-1162.168+fips1 | all | < 5.15.0-1111.120+fips1 | < 6.8.0-1054.60+fips1

  • ubuntu / linux-azure-nvidia

    all

  • ubuntu / linux-azure-nvidia-6.14

    all

  • ubuntu / linux-bluefield

    all | < 5.4.0-1117.124 | < 5.15.0-1090.92 | all

  • ubuntu / linux-fips

    < 5.4.0-1132.142 | all | < 5.15.0-177.187+fips1 | < 6.8.0-111.111+fips1

  • ubuntu / linux-gcp

    all | all | all | all | all | < 5.4.0-1161.170 | < 5.15.0-1106.115 | < 6.8.0-1055.58 | < 6.17.0-1013.13

  • ubuntu / linux-gcp-5.11

    all

  • ubuntu / linux-gcp-5.13

    all

  • ubuntu / linux-gcp-5.15

    all | < 5.15.0-1106.115~20.04.1

  • ubuntu / linux-gcp-5.19

    all

  • ubuntu / linux-gcp-5.3

    all

  • ubuntu / linux-gcp-5.4

    all | < 5.4.0-1161.170~18.04.1

Showing first 50 affected entries in server-rendered view.

References (25)