CVE-2026-45962

Severity: Medium (CVSS 3.1: 5.5)
EPSS: 5.1%
Published: May 27, 2026
Last Modified: Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ublk: Validate SQE128 flag before accessing the cmd

ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access.

Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.
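The check ordering described above, as a simplified user-space model added here (not the kernel's code or the patch itself). The model_ names, the 64-byte slot with the command area starting at byte 48, and the 32-byte header layout are assumptions of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified user-space model; names and sizes are assumptions, not kernel code. */
#define MODEL_F_SQE128 0x1u  /* stands in for IO_URING_F_SQE128 */
#define MODEL_SQE_SIZE 64    /* size of a normal submission slot */
#define MODEL_CMD_OFF  48    /* offset of the cmd area inside the slot */

struct model_ctrl_hdr {      /* stands in for the header read from sqe->cmd */
    uint32_t dev_id;
    uint16_t queue_id;
    uint16_t len;
    uint64_t addr;
    uint64_t data;
    uint64_t reserved;
};                           /* 32 bytes: more than the 16 left in a 64-byte slot */

/* Bytes of the slot that are available to the command area. */
static size_t model_cmd_room(unsigned int flags)
{
    size_t slot = (flags & MODEL_F_SQE128) ? 2 * MODEL_SQE_SIZE : MODEL_SQE_SIZE;
    return slot - MODEL_CMD_OFF;
}

/* Pre-fix order: the header is interpreted first and the flag checked later.
 * Returns how many bytes past the slot that parse would touch (0 = in bounds).
 * The out-of-bounds read is only computed here, never performed. */
size_t model_overread_before_fix(unsigned int flags)
{
    size_t room = model_cmd_room(flags);
    size_t need = sizeof(struct model_ctrl_hdr);
    return need > room ? need - room : 0;
}

/* Post-fix order: reject a non-SQE128 submission before touching cmd. */
int model_ctrl_cmd_fixed(const uint8_t *slot, unsigned int flags,
                         struct model_ctrl_hdr *out)
{
    if (!(flags & MODEL_F_SQE128))
        return -EINVAL;      /* nothing in the slot has been read yet */
    memcpy(out, slot + MODEL_CMD_OFF, sizeof(*out)); /* 80 bytes available */
    return 0;
}
```

In this model a submission without the flag would be parsed 16 bytes past its slot under the old ordering, while the reordered check returns -EINVAL before any byte of the command area is read.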

CVSS Details

Base Score: 5.5
Exploitability: 1.8
Impact: 3.6
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Threat Intelligence

EPSS Exploit Probability
5.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.0 – <6.1.165
linux   linux_kernel  *        ≥6.2 – <6.6.128
linux   linux_kernel  *        ≥6.7 – <6.12.75
linux   linux_kernel  *        ≥6.13 – <6.18.14
linux   linux_kernel  *        ≥6.19 – <6.19.4

References 6

  • git.kernel.org https://git.kernel.org/stable/c/17d33ba7291100008360b5a354962db37ad80684
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/31cac6acf77ece488f29fb8f79589d9298e969c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4b4dff498f46e9802f71bc84258bf73065f51c6a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/da7e4b75e50c087d2031a92f6646eb90f7045a67
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dbe8e81a2ec608f87f79a34f6444cd62f6a243bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f75a5555e0049e7857eae25b60aee98b80e287ec
    Patch
