Out-of-bounds read in Linux kernel - CVE-2026-52989
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to an out-of-bounds condition in nvmet_tcp_build_pdu_iovec() and the NVMe target TCP receive path when processing crafted PDU length or offset values. A remote attacker can send a specially crafted network PDU to cause a denial of service.
The issue occurs because a fatal error is not propagated to callers, leaving cmd->recv_msg.msg_iter uninitialized before subsequent receive handling uses it.
How to mitigate CVE-2026-52989
Sources
- https://git.kernel.org/stable/c/046fa5c72d15cd8e2d592e275697ea399d8f76b0
- https://git.kernel.org/stable/c/3df42a854686fa06484e37ac1a3931c8e3e3453c
- https://git.kernel.org/stable/c/c2a11441538bdbbc5aa003f190995eba93a89b88
- https://git.kernel.org/stable/c/d7c8f95f599b3b38a717d2e771c3f8c174f657c3
- https://git.kernel.org/stable/c/ea8e356acb165cb1fd75537a52e1f66e5e76c538
- https://git.kernel.org/stable/c/f9204a2b78dd18374d3bcf9bf93d9021ce22de1b