CVE-2026-45962

Source
https://cve.org/CVERecord?id=CVE-2026-45962
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45962.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45962
Downstream
Published
2026-05-27T12:18:19.070Z
Modified
2026-06-18T03:56:41.513195590Z
Summary
ublk: Validate SQE128 flag before accessing the cmd
Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: Validate SQE128 flag before accessing the cmd

ublkctrlcmddump() accesses (header *)sqe->cmd before IOURINGFSQE128 flag check. This could cause out of boundary memory access.

Move the SQE128 flag check earlier in ublkctrluring_cmd() to return -EINVAL immediately if the flag is not set.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45962.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
71f28f3136aff5890cd56de78abc673f8393cad9
Fixed
4b4dff498f46e9802f71bc84258bf73065f51c6a
Fixed
31cac6acf77ece488f29fb8f79589d9298e969c8
Fixed
dbe8e81a2ec608f87f79a34f6444cd62f6a243bb
Fixed
f75a5555e0049e7857eae25b60aee98b80e287ec
Fixed
17d33ba7291100008360b5a354962db37ad80684
Fixed
da7e4b75e50c087d2031a92f6646eb90f7045a67

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45962.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45962.json"