CVE-2026-45975

Summary

In the Linux kernel, the following vulnerability has been resolved:

ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them concurrently. Use READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack. Use the local copy in place of the one in the io_uring_sqe.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux87213b0d847cd300285b5545598e0548baeb5208 < ce63eda3e6d36e2c253febee1c8421ecbd1a680eaffected
LinuxLinux87213b0d847cd300285b5545598e0548baeb5208 < ed9f54cc1e335096733aed03c2a46de3d58922edaffected
LinuxLinux6.19affected
LinuxLinux0 < 6.19unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References