Linux Kernel: Data Corruption and Crashes Possible with NVMe over TCP

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Linux Kernel: Data Corruption and Crashes Possible with NVMe over TCP

CVE-2026-23112

Summary

A bug in the Linux kernel's NVMe over TCP driver could cause data corruption or system crashes if a malicious or malformed network packet is received. This issue has been fixed in a recent update, so it's essential to keep your Linux system up to date to prevent potential problems. You should update your Linux kernel to the latest version as soon as possible.

Original title

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU le...

Original description

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU
length or offset exceeds sg_cnt and then use bogus sg->length/offset
values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining
entries, and sg->length/offset before building the bvec.

Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026