CVE-2026-23244: Linux vulnerability

9 documents, 8 sources
Severity: 5.5 MEDIUM (no vector)
EPSS: 0.0% (top 93.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18

Description

In the Linux kernel, the following vulnerability has been resolved:

nvme: fix memory allocation in nvme_pr_read_keys()

nvme_pr_read_keys() takes num_keys from userspace and uses it to calculate the allocation size for rse via struct_size(). The upper limit is PR_KEYS_MAX (64K).

A malicious or buggy userspace can pass a large num_keys value that results in a 4MB allocation attempt at most, causing a warning in the page allocator when the order exceeds MAX_PAGE_ORDER.

To fix this, use kvzalloc

Affected Packages (3 packages)

Linux: linux/linux_kernel 6.5.0, 6.6.130 (+3)
Debian: linux/linux_kernel < 6.19.8-1
CVEListV5: linux/linux 5fd96a4e15de8442915a912233d800c56f49001d, e42ff5abbd14927553b624c0e06d24df76156fe6 (+5)

🔴 Vulnerability Details (4)

OSV: CVE-2026-23244: In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvme_pr_read_keys() nvme_pr_read_keys() takes num_k (2026-03-18)
CVEList: nvme: fix memory allocation in nvme_pr_read_keys() (2026-03-18)
OSV: nvme: fix memory allocation in nvme_pr_read_keys() (2026-03-18)
GHSA: GHSA-h4w6-67wq-xf89: In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvme_pr_read_keys() nvme_pr_read_keys() takes num (2026-03-18)

📋 Vendor Advisories (3)

Red Hat: kernel: nvme: fix memory allocation in nvme_pr_read_keys() (2026-03-18)
Microsoft: nvme: fix memory allocation in nvme_pr_read_keys() (2026-03-10)
Debian: CVE-2026-23244: linux - In the Linux kernel, the following vulnerability has been resolved: nvme: fix m... (2026)

🕵️ Threat Intelligence (1)

Wiz: CVE-2026-23244 Impact, Exploitability, and Mitigation Steps | Wiz