CVE-2026-45962
MEDIUMublk: Validate SQE128 flag before accessing the cmd
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.
References (6)
Core 6
Core References
Scores
CVSS v3
5.5
EPSS
0.0016
EPSS Percentile
5.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (20)
linux/Kernel
6.0.0 - 6.1.165linux
linux/Kernel
6.13.0 - 6.18.14linux
linux/Kernel
6.19.0 - 6.19.4linux
linux/Kernel
6.2.0 - 6.6.128linux
linux/Kernel
6.7.0 - 6.12.75linux
Linux/Linux
< 6.0
Linux/Linux
6.0
Linux/Linux
6.1.165 - 6.1.*
Linux/Linux
6.12.75 - 6.12.*
Linux/Linux
6.18.14 - 6.18.*
... and 10 more
Published
May 27, 2026
Tracked Since
May 27, 2026