CVE-2026-45962

MEDIUM

ublk: Validate SQE128 flag before accessing the cmd

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.

Scores

CVSS v3 5.5
EPSS 0.0016
EPSS Percentile 5.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (20)
linux/Kernel 6.0.0 - 6.1.165linux
linux/Kernel 6.13.0 - 6.18.14linux
linux/Kernel 6.19.0 - 6.19.4linux
linux/Kernel 6.2.0 - 6.6.128linux
linux/Kernel 6.7.0 - 6.12.75linux
Linux/Linux < 6.0
Linux/Linux 6.0
Linux/Linux 6.1.165 - 6.1.*
Linux/Linux 6.12.75 - 6.12.*
Linux/Linux 6.18.14 - 6.18.*
... and 10 more
Published May 27, 2026
Tracked Since May 27, 2026