CVE-2026-23174Linux vulnerability

8 documents7 sources
Severity
5.3MEDIUM
No vector
EPSS
0.0%
top 92.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedFeb 14
Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dma_needs_unmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme driver needs to save the mapped dma vectors to be unmapped later, so allocate as needed during iteration rather than assume it was always allocated at the beginning. This fixes a NULL dereference from a

Affected Packages4 packages

Linuxlinux/linux_kernel6.17.06.18.10
Debianlinux/linux_kernel< 6.18.10-1
CVEListV5linux/linuxb8b7570a7ec872f2a27b775c4f8710ca8a357adff3ed399e9aa6f36e92d2d0fe88b387915e9705fe+2
debiandebian/linux< linux 6.18.10-1 (forky)

🔴Vulnerability Details

4
VulDB
Linux Kernel up to 6.18.9 Nvme Driver dma_needs_unmap uninitialized pointer (Nessus ID 299098 / WID-SEC-2026-0421)2026-04-13
OSV
CVE-2026-23174: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dma_nee2026-02-14
OSV
nvme-pci: handle changing device dma map requirements2026-02-14
GHSA
GHSA-wrw7-63r4-jj3j: In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dma_n2026-02-14

📋Vendor Advisories

2
Red Hat
kernel: nvme-pci: handle changing device dma map requirements2026-02-14
Debian
CVE-2026-23174: linux - In the Linux kernel, the following vulnerability has been resolved: nvme-pci: h...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23174 Impact, Exploitability, and Mitigation Steps | Wiz