CVE-2026-23390Incorrect Calculation of Buffer Size in Linux

CWE-131Incorrect Calculation of Buffer Size8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
LinuxLinux KernelDebian Linux+1 more
Timeline
PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow The dma_map_sg tracepoint can trigger a perf buffer overflow when tracing large scatter-gather lists. With devices like virtio-gpu creating large DRM buffers, nents can exceed 1000 entries, resulting in: phys_addrs: 1000 * 8 bytes = 8,000 bytes dma_addrs: 1000 * 8 bytes = 8,000 bytes lengths: 1000 * 4 bytes = 4,000 bytes Total: ~20,000 bytes This exceed

Affected Packages5 packages

Linuxlinux/linux_kernel6.12.06.12.74+1
Debianlinux/linux_kernel< 6.12.74-1+1
CVEListV5linux/linux038eb433dc1474c4bc7d33188294e3d4778efdfd02d209bb018a40dee9eac89e91860253dee9605b+3
debiandebian/linux< linux 6.18.13-1 (forky)

🔴Vulnerability Details

3
OSV
tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow2026-03-25
GHSA
GHSA-qf3f-hxv9-hpx7: In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow The dma2026-03-25
OSV
CVE-2026-23390: In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow The dma_m2026-03-25

📋Vendor Advisories

3
Red Hat
kernel: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow2026-03-25
Microsoft
tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow2026-03-10
Debian
CVE-2026-23390: linux - In the Linux kernel, the following vulnerability has been resolved: tracing/dma...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23390 Impact, Exploitability, and Mitigation Steps | Wiz