CVE-2026-43449 (GCVE-0-2026-43449)
Vulnerability from cvelistv5 – Published: 2026-05-08 14:22 – Updated: 2026-05-11 22:24
VLAI?
Title
nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set
Summary
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set
dev->online_queues is a count incremented in nvme_init_queue. Thus,
valid indices are 0 through dev->online_queues − 1.
This patch fixes the loop condition to ensure the index stays within the
valid range. Index 0 is excluded because it is the admin queue.
KASAN splat:
==================================================================
BUG: KASAN: slab-out-of-bounds in nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]
BUG: KASAN: slab-out-of-bounds in nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404
Read of size 2 at addr ffff88800592a574 by task kworker/u8:5/74
CPU: 0 UID: 0 PID: 74 Comm: kworker/u8:5 Not tainted 6.19.0-dirty #10 PREEMPT(voluntary)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
Workqueue: nvme-reset-wq nvme_reset_work
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xea/0x150 lib/dump_stack.c:120
print_address_description mm/kasan/report.c:378 [inline]
print_report+0xce/0x5d0 mm/kasan/report.c:482
kasan_report+0xdc/0x110 mm/kasan/report.c:595
__asan_report_load2_noabort+0x18/0x20 mm/kasan/report_generic.c:379
nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]
nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404
nvme_reset_work+0x36b/0x8c0 drivers/nvme/host/pci.c:3252
process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x65c/0xe60 kernel/workqueue.c:3421
kthread+0x41a/0x930 kernel/kthread.c:463
ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
</TASK>
Allocated by task 34 on cpu 1 at 4.241550s:
kasan_save_stack+0x2c/0x60 mm/kasan/common.c:57
kasan_save_track+0x1c/0x70 mm/kasan/common.c:78
kasan_save_alloc_info+0x3c/0x50 mm/kasan/generic.c:570
poison_kmalloc_redzone mm/kasan/common.c:398 [inline]
__kasan_kmalloc+0xb5/0xc0 mm/kasan/common.c:415
kasan_kmalloc include/linux/kasan.h:263 [inline]
__do_kmalloc_node mm/slub.c:5657 [inline]
__kmalloc_node_noprof+0x2bf/0x8d0 mm/slub.c:5663
kmalloc_array_node_noprof include/linux/slab.h:1075 [inline]
nvme_pci_alloc_dev drivers/nvme/host/pci.c:3479 [inline]
nvme_probe+0x2f1/0x1820 drivers/nvme/host/pci.c:3534
local_pci_probe+0xef/0x1c0 drivers/pci/pci-driver.c:324
pci_call_probe drivers/pci/pci-driver.c:392 [inline]
__pci_device_probe drivers/pci/pci-driver.c:417 [inline]
pci_device_probe+0x743/0x920 drivers/pci/pci-driver.c:451
call_driver_probe drivers/base/dd.c:583 [inline]
really_probe+0x29b/0xb70 drivers/base/dd.c:661
__driver_probe_device+0x3b0/0x4a0 drivers/base/dd.c:803
driver_probe_device+0x56/0x1f0 drivers/base/dd.c:833
__driver_attach_async_helper+0x155/0x340 drivers/base/dd.c:1159
async_run_entry_fn+0xa6/0x4b0 kernel/async.c:129
process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257
process_scheduled_works kernel/workqueue.c:3340 [inline]
worker_thread+0x65c/0xe60 kernel/workqueue.c:3421
kthread+0x41a/0x930 kernel/kthread.c:463
ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246
The buggy address belongs to the object at ffff88800592a000
which belongs to the cache kmalloc-2k of size 2048
The buggy address is located 244 bytes to the right of
allocated 1152-byte region [ffff88800592a000, ffff88800592a480)
The buggy address belongs to the physical page:
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5928
head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
anon flags: 0xfffffc0000040(head|node=0|zone=1|lastcpupid=0x1fffff)
page_type: f5(slab)
raw: 000fffffc0000040 ffff888001042000 0000000000000000 dead000000000001
raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
head: 000fffffc0000040 ffff888001042000 00000
---truncated---
Severity ?
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < 2b9d605c3f0d3262142f196249cd3bd58c857c71
(git)
Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < 86183d550559e45e07059bbdf17331fea469e38c (git) Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < d7990c936e25f484b61a5adeeadc1d290a9fd16e (git) Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < 83e6edd6358326c9c2de31a54bb4a1ec50703f1f (git) Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < 50bad78f03a02d3c0f228edf9912b494d3e7acb9 (git) Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < 328c551f0cc81ee776b186b86cc6e5253bb6fda7 (git) Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < 78279d2d74c58a0ed64e43cf601a02649771182e (git) Affected: 0f0d2c876c96d4908a9ef40959a44bec21bdd6cf , < b4e78f1427c7d6859229ae9616df54e1fc05a516 (git) Affected: 930bb3092fe606baa23d57ae59b70b291d67a8af (git) Affected: fd1c1de8c4589fdd528733bfd01ed0c5f3f69204 (git) Affected: 4940816604e3ce7e05e8df297773ee86c0476d48 (git) Affected: 55a3b1ad694631cc2698b5500ac5865d7d0f064e (git) |
|
| Linux | Linux |
Affected:
5.10
Unaffected: 0 , < 5.10 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.203 , ≤ 5.15.* (semver) Unaffected: 6.1.167 , ≤ 6.1.* (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.78 , ≤ 6.12.* (semver) Unaffected: 6.18.19 , ≤ 6.18.* (semver) Unaffected: 6.19.9 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2b9d605c3f0d3262142f196249cd3bd58c857c71",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "86183d550559e45e07059bbdf17331fea469e38c",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "d7990c936e25f484b61a5adeeadc1d290a9fd16e",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "83e6edd6358326c9c2de31a54bb4a1ec50703f1f",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "50bad78f03a02d3c0f228edf9912b494d3e7acb9",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "328c551f0cc81ee776b186b86cc6e5253bb6fda7",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "78279d2d74c58a0ed64e43cf601a02649771182e",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"lessThan": "b4e78f1427c7d6859229ae9616df54e1fc05a516",
"status": "affected",
"version": "0f0d2c876c96d4908a9ef40959a44bec21bdd6cf",
"versionType": "git"
},
{
"status": "affected",
"version": "930bb3092fe606baa23d57ae59b70b291d67a8af",
"versionType": "git"
},
{
"status": "affected",
"version": "fd1c1de8c4589fdd528733bfd01ed0c5f3f69204",
"versionType": "git"
},
{
"status": "affected",
"version": "4940816604e3ce7e05e8df297773ee86c0476d48",
"versionType": "git"
},
{
"status": "affected",
"version": "55a3b1ad694631cc2698b5500ac5865d7d0f064e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/nvme/host/pci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.19",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.19",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.9",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.9.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set\n\ndev-\u003eonline_queues is a count incremented in nvme_init_queue. Thus,\nvalid indices are 0 through dev-\u003eonline_queues \u2212 1.\n\nThis patch fixes the loop condition to ensure the index stays within the\nvalid range. Index 0 is excluded because it is the admin queue.\n\nKASAN splat:\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\nRead of size 2 at addr ffff88800592a574 by task kworker/u8:5/74\n\nCPU: 0 UID: 0 PID: 74 Comm: kworker/u8:5 Not tainted 6.19.0-dirty #10 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: nvme-reset-wq nvme_reset_work\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0xea/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xce/0x5d0 mm/kasan/report.c:482\n kasan_report+0xdc/0x110 mm/kasan/report.c:595\n __asan_report_load2_noabort+0x18/0x20 mm/kasan/report_generic.c:379\n nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\n nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\n nvme_reset_work+0x36b/0x8c0 drivers/nvme/host/pci.c:3252\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n \u003c/TASK\u003e\n\nAllocated by task 34 on cpu 1 at 4.241550s:\n kasan_save_stack+0x2c/0x60 mm/kasan/common.c:57\n kasan_save_track+0x1c/0x70 mm/kasan/common.c:78\n kasan_save_alloc_info+0x3c/0x50 mm/kasan/generic.c:570\n poison_kmalloc_redzone mm/kasan/common.c:398 [inline]\n __kasan_kmalloc+0xb5/0xc0 mm/kasan/common.c:415\n kasan_kmalloc include/linux/kasan.h:263 [inline]\n __do_kmalloc_node mm/slub.c:5657 [inline]\n __kmalloc_node_noprof+0x2bf/0x8d0 mm/slub.c:5663\n kmalloc_array_node_noprof include/linux/slab.h:1075 [inline]\n nvme_pci_alloc_dev drivers/nvme/host/pci.c:3479 [inline]\n nvme_probe+0x2f1/0x1820 drivers/nvme/host/pci.c:3534\n local_pci_probe+0xef/0x1c0 drivers/pci/pci-driver.c:324\n pci_call_probe drivers/pci/pci-driver.c:392 [inline]\n __pci_device_probe drivers/pci/pci-driver.c:417 [inline]\n pci_device_probe+0x743/0x920 drivers/pci/pci-driver.c:451\n call_driver_probe drivers/base/dd.c:583 [inline]\n really_probe+0x29b/0xb70 drivers/base/dd.c:661\n __driver_probe_device+0x3b0/0x4a0 drivers/base/dd.c:803\n driver_probe_device+0x56/0x1f0 drivers/base/dd.c:833\n __driver_attach_async_helper+0x155/0x340 drivers/base/dd.c:1159\n async_run_entry_fn+0xa6/0x4b0 kernel/async.c:129\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\n process_scheduled_works kernel/workqueue.c:3340 [inline]\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\n kthread+0x41a/0x930 kernel/kthread.c:463\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nThe buggy address belongs to the object at ffff88800592a000\n which belongs to the cache kmalloc-2k of size 2048\nThe buggy address is located 244 bytes to the right of\n allocated 1152-byte region [ffff88800592a000, ffff88800592a480)\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5928\nhead: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0xfffffc0000040(head|node=0|zone=1|lastcpupid=0x1fffff)\npage_type: f5(slab)\nraw: 000fffffc0000040 ffff888001042000 0000000000000000 dead000000000001\nraw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000\nhead: 000fffffc0000040 ffff888001042000 00000\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:24:48.370Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2b9d605c3f0d3262142f196249cd3bd58c857c71"
},
{
"url": "https://git.kernel.org/stable/c/86183d550559e45e07059bbdf17331fea469e38c"
},
{
"url": "https://git.kernel.org/stable/c/d7990c936e25f484b61a5adeeadc1d290a9fd16e"
},
{
"url": "https://git.kernel.org/stable/c/83e6edd6358326c9c2de31a54bb4a1ec50703f1f"
},
{
"url": "https://git.kernel.org/stable/c/50bad78f03a02d3c0f228edf9912b494d3e7acb9"
},
{
"url": "https://git.kernel.org/stable/c/328c551f0cc81ee776b186b86cc6e5253bb6fda7"
},
{
"url": "https://git.kernel.org/stable/c/78279d2d74c58a0ed64e43cf601a02649771182e"
},
{
"url": "https://git.kernel.org/stable/c/b4e78f1427c7d6859229ae9616df54e1fc05a516"
}
],
"title": "nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43449",
"datePublished": "2026-05-08T14:22:15.276Z",
"dateReserved": "2026-05-01T14:12:56.010Z",
"dateUpdated": "2026-05-11T22:24:48.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43449",
"date": "2026-05-22",
"epss": "0.00013",
"percentile": "0.0259"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43449\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-08T15:16:57.477\",\"lastModified\":\"2026-05-21T16:59:20.160\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set\\n\\ndev-\u003eonline_queues is a count incremented in nvme_init_queue. Thus,\\nvalid indices are 0 through dev-\u003eonline_queues \u2212 1.\\n\\nThis patch fixes the loop condition to ensure the index stays within the\\nvalid range. Index 0 is excluded because it is the admin queue.\\n\\nKASAN splat:\\n\\n==================================================================\\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\\nBUG: KASAN: slab-out-of-bounds in nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\\nRead of size 2 at addr ffff88800592a574 by task kworker/u8:5/74\\n\\nCPU: 0 UID: 0 PID: 74 Comm: kworker/u8:5 Not tainted 6.19.0-dirty #10 PREEMPT(voluntary)\\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\\nWorkqueue: nvme-reset-wq nvme_reset_work\\nCall Trace:\\n \u003cTASK\u003e\\n __dump_stack lib/dump_stack.c:94 [inline]\\n dump_stack_lvl+0xea/0x150 lib/dump_stack.c:120\\n print_address_description mm/kasan/report.c:378 [inline]\\n print_report+0xce/0x5d0 mm/kasan/report.c:482\\n kasan_report+0xdc/0x110 mm/kasan/report.c:595\\n __asan_report_load2_noabort+0x18/0x20 mm/kasan/report_generic.c:379\\n nvme_dbbuf_free drivers/nvme/host/pci.c:377 [inline]\\n nvme_dbbuf_set+0x39c/0x400 drivers/nvme/host/pci.c:404\\n nvme_reset_work+0x36b/0x8c0 drivers/nvme/host/pci.c:3252\\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\\n process_scheduled_works kernel/workqueue.c:3340 [inline]\\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\\n kthread+0x41a/0x930 kernel/kthread.c:463\\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\\n \u003c/TASK\u003e\\n\\nAllocated by task 34 on cpu 1 at 4.241550s:\\n kasan_save_stack+0x2c/0x60 mm/kasan/common.c:57\\n kasan_save_track+0x1c/0x70 mm/kasan/common.c:78\\n kasan_save_alloc_info+0x3c/0x50 mm/kasan/generic.c:570\\n poison_kmalloc_redzone mm/kasan/common.c:398 [inline]\\n __kasan_kmalloc+0xb5/0xc0 mm/kasan/common.c:415\\n kasan_kmalloc include/linux/kasan.h:263 [inline]\\n __do_kmalloc_node mm/slub.c:5657 [inline]\\n __kmalloc_node_noprof+0x2bf/0x8d0 mm/slub.c:5663\\n kmalloc_array_node_noprof include/linux/slab.h:1075 [inline]\\n nvme_pci_alloc_dev drivers/nvme/host/pci.c:3479 [inline]\\n nvme_probe+0x2f1/0x1820 drivers/nvme/host/pci.c:3534\\n local_pci_probe+0xef/0x1c0 drivers/pci/pci-driver.c:324\\n pci_call_probe drivers/pci/pci-driver.c:392 [inline]\\n __pci_device_probe drivers/pci/pci-driver.c:417 [inline]\\n pci_device_probe+0x743/0x920 drivers/pci/pci-driver.c:451\\n call_driver_probe drivers/base/dd.c:583 [inline]\\n really_probe+0x29b/0xb70 drivers/base/dd.c:661\\n __driver_probe_device+0x3b0/0x4a0 drivers/base/dd.c:803\\n driver_probe_device+0x56/0x1f0 drivers/base/dd.c:833\\n __driver_attach_async_helper+0x155/0x340 drivers/base/dd.c:1159\\n async_run_entry_fn+0xa6/0x4b0 kernel/async.c:129\\n process_one_work+0x956/0x1aa0 kernel/workqueue.c:3257\\n process_scheduled_works kernel/workqueue.c:3340 [inline]\\n worker_thread+0x65c/0xe60 kernel/workqueue.c:3421\\n kthread+0x41a/0x930 kernel/kthread.c:463\\n ret_from_fork+0x6f8/0x8c0 arch/x86/kernel/process.c:158\\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\\n\\nThe buggy address belongs to the object at ffff88800592a000\\n which belongs to the cache kmalloc-2k of size 2048\\nThe buggy address is located 244 bytes to the right of\\n allocated 1152-byte region [ffff88800592a000, ffff88800592a480)\\n\\nThe buggy address belongs to the physical page:\\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5928\\nhead: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\\nanon flags: 0xfffffc0000040(head|node=0|zone=1|lastcpupid=0x1fffff)\\npage_type: f5(slab)\\nraw: 000fffffc0000040 ffff888001042000 0000000000000000 dead000000000001\\nraw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000\\nhead: 000fffffc0000040 ffff888001042000 00000\\n---truncated---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.210\",\"versionEndExcluding\":\"4.15\",\"matchCriteriaId\":\"8850B628-46E3-4E83-8136-9AFC8965A13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.161\",\"versionEndExcluding\":\"4.20\",\"matchCriteriaId\":\"368AA3A3-6A4A-492B-99FB-E804FFEBF173\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.81\",\"versionEndExcluding\":\"5.5\",\"matchCriteriaId\":\"71E14FFC-F203-4E2A-81C4-D67CF14E2327\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.9.12\",\"versionEndExcluding\":\"5.10\",\"matchCriteriaId\":\"7D05D36D-2D49-4012-BD61-E167762C92E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.1\",\"versionEndExcluding\":\"5.10.253\",\"matchCriteriaId\":\"B87BA2E9-4271-421C-B198-37987F5E3B98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.203\",\"matchCriteriaId\":\"20DDB3E9-AABF-4107-ADB0-5362AA067045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.167\",\"matchCriteriaId\":\"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.130\",\"matchCriteriaId\":\"C57BB918-DF28-46B3-94F7-144176841267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.78\",\"matchCriteriaId\":\"28D591F5-B196-4CC9-905C-DC80F116E7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.19\",\"matchCriteriaId\":\"D394AC60-6F28-435F-872A-CCDF384B8331\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.9\",\"matchCriteriaId\":\"E825E7C3-FEAC-4FD3-8A81-78D7387948C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B29EBB93-107F-4ED6-8DE3-C2732BC659C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.10:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0390D83-6C17-4557-BE8D-B659E04F565A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.10:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"4120E4B3-B66D-4ACE-8570-1DD4DF20A324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.10:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"73D60343-647D-4B5D-AA6D-CE87C462E368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F253B622-8837-4245-BCE5-A7BF8FC76A16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F666C8D8-6538-46D4-B318-87610DE64C34\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/2b9d605c3f0d3262142f196249cd3bd58c857c71\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/328c551f0cc81ee776b186b86cc6e5253bb6fda7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/50bad78f03a02d3c0f228edf9912b494d3e7acb9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/78279d2d74c58a0ed64e43cf601a02649771182e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/83e6edd6358326c9c2de31a54bb4a1ec50703f1f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/86183d550559e45e07059bbdf17331fea469e38c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b4e78f1427c7d6859229ae9616df54e1fc05a516\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d7990c936e25f484b61a5adeeadc1d290a9fd16e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…