Wind River Support Network

HomeDefectsLIN1023-18816
Acknowledged

LIN1023-18816 : Security Advisory - linux - CVE-2026-23112

Created: Feb 24, 2026    Updated: Feb 26, 2026
Found In Version: 10.23.30.2
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec

nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU
length or offset exceeds sg_cnt and then use bogus sg->length/offset
values, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining
entries, and sg->length/offset before building the bvec.
  • Linkedin
  • Facebook
  • Twitter
  • Youtube