CVE-2026-23112

Source
https://cve.org/CVERecord?id=CVE-2026-23112
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23112.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-23112
Published
2026-02-13T13:29:56.724Z
Modified
2026-04-04T03:02:55.641984Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
Details

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining entries, and sg->length/offset before building the bvec.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23112.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
872d26a391da92ed8f0c0f5cb5fef428067b7f30
Fixed
043b4307a99f902697349128fde93b2ddde4686c
Fixed
42afe8ed8ad2de9c19457156244ef3e1eca94b5d
Fixed
1385be357e8acd09b36e026567f3a9d5c61139de
Fixed
dca1a6ba0da9f472ef040525fab10fd9956db59f
Fixed
19672ae68d52ff75347ebe2420dde1b07adca09f
Fixed
ab200d71553bdcf4de554a5985b05b2dd606bc57
Fixed
52a0a98549344ca20ad81a4176d68d28e3c05a5c

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23112.json"