CVE-2026-45962
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel affecting the ublk_ctrl_cmd_dump() function. The issue arises from the lack of validation of the SQE128 flag before accessing memory, which could lead to unauthorized out-of-bounds memory access.
Risk Assessment
This vulnerability could compromise system integrity, allowing attackers to access sensitive data or destabilize the system.
Recommendation
It is recommended to update the Linux kernel to the latest version where fixes for the SQE128 flag validation have been implemented.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.

