SB2026032554 - Out-of-bounds read in Linux kernel trace events
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-23390)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the dma_map_sg tracepoint when handling large scatter-gather lists. A local user can trigger the tracepoint with a large scatter-gather list to cause a perf buffer overflow, resulting in a denial of service.
The tracepoint is used during DMA mapping operations and can be triggered when tracing is enabled. The buffer overflow occurs because the size of the trace data exceeds the maximum allowed size in the perf buffer, leading to a kernel warning and potential system instability.
Remediation
Install the update from the vendor's website.