CVE-2026-45975

MEDIUM

ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them concurrently. Use READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack. Use the local copy in place of the one in the io_uring_sqe.

Scores

CVSS v3 5.5
EPSS 0.0011
EPSS Percentile 1.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (8)
linux/Kernel 6.19.0 - 6.19.4linux
Linux/Linux < 6.19
Linux/Linux 6.19
Linux/Linux 6.19.4 - 6.19.*
Linux/Linux 7.0
Linux/Linux 87213b0d847cd300285b5545598e0548baeb5208 - ce63eda3e6d36e2c253febee1c8421ecbd1a680e
Linux/Linux 87213b0d847cd300285b5545598e0548baeb5208 - ed9f54cc1e335096733aed03c2a46de3d58922ed
linux/linux_kernel 6.19 - 6.19.4
Published May 27, 2026
Tracked Since May 27, 2026