CVE-2026-23148

Severity
5.5 MEDIUM
EPSS
0.0%
top 89.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 14

Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference

There is a race condition in nvmet_bio_done() that can cause a NULL pointer dereference in blk_cgroup_bio_start():

1. nvmet_bio_done() is called when a bio completes
2. nvmet_req_complete() is called, which invokes req->ops->queue_response(req)
3. The queue_response callback can re-queue and re-submit the same request
4. The re-submission reuses the same

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD | linux/linux_kernel | 6.12.37 | 6.12.69 | +4
CVEListV5 | linux/linux | 431e58d56fcb5ff1f9eb630724a922e0d2a941df | ee10b06980acca1d46e0fa36d6fb4a9578eab6e4 | +4
Debian | linux | < 6.12.69-1 | +1

Patches

Vulnerability Details (3)
OSV
CVE-2026-23148: In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is a | 2026-02-14
GHSA
GHSA-c783-64qq-77vx: In the Linux kernel, the following vulnerability has been resolved: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference There is | 2026-02-14
CVEList
nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference | 2026-02-14

Vendor Advisories (2)
Red Hat
kernel: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference | 2026-02-14
Debian
CVE-2026-23148: linux - In the Linux kernel, the following vulnerability has been resolved: nvmet: fix ... | 2026

Threat Intelligence (1)
Wiz
CVE-2026-23148 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23148 (MEDIUM CVSS 5.5) | In the Linux kernel | cvebase.io