CVE Catalog

CVE-2026-45962

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel affecting the ublk_ctrl_cmd_dump() function. The issue arises from the lack of validation of the SQE128 flag before accessing memory, which could lead to unauthorized out-of-bounds memory access.

Risk Assessment

This vulnerability could compromise system integrity, allowing attackers to access sensitive data or destabilize the system.

Recommendation

It is recommended to update the Linux kernel to the latest version where fixes for the SQE128 flag validation have been implemented.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS