Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-23244

Опубликовано: 18 мар. 2026
Источник: nvd
EPSS Низкий

Описание

In the Linux kernel, the following vulnerability has been resolved:

nvme: fix memory allocation in nvme_pr_read_keys()

nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the allocation size for rse via struct_size(). The upper limit is PR_KEYS_MAX (64K).

A malicious or buggy userspace can pass a large num_keys value that results in a 4MB allocation attempt at most, causing a warning in the page allocator when the order exceeds MAX_PAGE_ORDER.

To fix this, use kvzalloc() instead of kzalloc().

This bug has the same reasoning and fix with the patch below: https://lore.kernel.org/linux-block/20251212013510.3576091-1-kartikey406@gmail.com/

Warning log: WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x5aa/0x2300 mm/page_alloc.c:5216, CPU#1: syz-executor117/272 Modules linked in: CPU: 1 UID: 0 PID: 272 Comm: syz-executor117 Not tainted 6.19.0 #1 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a

Ссылки

EPSS

Процентиль: 6%
0.00024
Низкий

Дефекты

Связанные уязвимости

redhat логотип

CVE-2026-23244

CVSS3: 5.5
redhat
10 дней назад

No description is available for this CVE.

msrc логотип

CVE-2026-23244

msrc
9 дней назад

nvme: fix memory allocation in nvme_pr_read_keys()

debian логотип

CVE-2026-23244

debian
9 дней назад

In the Linux kernel, the following vulnerability has been resolved: n ...

github логотип

GHSA-h4w6-67wq-xf89

github
9 дней назад

In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvme_pr_read_keys() nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the allocation size for rse via struct_size(). The upper limit is PR_KEYS_MAX (64K). A malicious or buggy userspace can pass a large num_keys value that results in a 4MB allocation attempt at most, causing a warning in the page allocator when the order exceeds MAX_PAGE_ORDER. To fix this, use kvzalloc() instead of kzalloc(). This bug has the same reasoning and fix with the patch below: https://lore.kernel.org/linux-block/20251212013510.3576091-1-kartikey406@gmail.com/ Warning log: WARNING: mm/page_alloc.c:5216 at __alloc_frozen_pages_noprof+0x5aa/0x2300 mm/page_alloc.c:5216, CPU#1: syz-executor117/272 Modules linked in: CPU: 1 UID: 0 PID: 272 Comm: syz-executor117 Not tainted 6.19.0 #1 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701...

EPSS

Процентиль: 6%
0.00024
Низкий

Дефекты