CVE-2026-23093 - Vulnerability Details

- ksmbd: smbd: fix dma_unmap_sg() nents

Description

In the Linux kernel, the following vulnerability has been resolved:

ksmbd: smbd: fix dma_unmap_sg() nents

The dma_unmap_sg() functions should be called with the same nents as the
dma_map_sg(), not the value the map function returned.

Published: 2026-02-04

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A defect in the Linux kernel caused the dma_unmap_sg() function to be invoked with a count of scatter‑gather entries (nents) that did not match the original dma_map_sg() call. This mismatch can lead to improper unmapping of DMA buffers, resulting in memory corruption or kernel crashes. The vulnerability is a state inconsistency that may compromise the integrity and availability of the system.

Affected Systems

All Linux kernel builds prior to the application of the patch are affected. This includes the mainline 6.19 series, all release candidates from rc1 through rc6, and any earlier stable releases that have not been updated to a fixed kernel. The vulnerability is not limited to a particular distribution but applies to any system running an unpatched kernel where the DMA unmap routine is exercised.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% implies a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and no public exploit has been reported. Exploiting this flaw would require privileged kernel access or a preceding vulnerability that allows DMA operation manipulation, making the attack vector non‑public and largely theoretical for most environments.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0626e6641f6b467447c81dd7678a69c66f7746cf`	affected	< f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec
`0626e6641f6b467447c81dd7678a69c66f7746cf`	affected	< 6ececffd3e9fe93a87738625dc0671165d27bf96
`0626e6641f6b467447c81dd7678a69c66f7746cf`	affected	< 4d1e9a4a450aae47277763562122cc80ed703ab2
`0626e6641f6b467447c81dd7678a69c66f7746cf`	affected	< 70ba85e439221a5d6dda34a3004db6640f0525e6
`0626e6641f6b467447c81dd7678a69c66f7746cf`	affected	< d1943bc9dc9508f5933788a76f8a35d10e43a646
`0626e6641f6b467447c81dd7678a69c66f7746cf`	affected	< 98e3e2b561bc88f4dd218d1c05890672874692f6

Linux

affected

Version	Status	Constraints
`5.15`	affected	—
`0`	unaffected	< 5.15
`5.15.199`	unaffected	≤ 5.15.*
`6.1.162`	unaffected	≤ 6.1.*
`6.6.123`	unaffected	≤ 6.6.*
`6.12.69`	unaffected	≤ 6.12.*
`6.18.8`	unaffected	≤ 6.18.*
`6.19`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc5::::::
	cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the CVE‑2026‑23093 fix, such as kernel 6.19.x or later.
If an immediate kernel upgrade is not feasible, apply any distribution‑specific backport patches that contain the security fix and ensure the system is not using the affected kernel branches.
Enable kernel debugging features such as KASAN, page‑fault tracking, or runtime checks to detect anomalous DMA mapping/unmapping activity and monitor system logs for signs of memory corruption or instability.

Generated by OpenCVE AI on April 18, 2026 at 13:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4476-1	linux-6.1 security update
Debian DSA	DSA-6126-1	linux security update
Debian DSA	DSA-6127-1	linux security update
Ubuntu USN	USN-8162-1	Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN	USN-8180-1	Linux kernel vulnerabilities
Ubuntu USN	USN-8180-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-8186-1	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-8187-1	Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN	USN-8188-1	Linux kernel (HWE) vulnerabilities

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/4d1e9a4a450aae47277763562122cc80ed703ab2
https://git.kernel.org/stable/c/6ececffd3e9fe93a87738625dc0671165d27bf96
https://git.kernel.org/stable/c/70ba85e439221a5d6dda34a3004db6640f0525e6
https://git.kernel.org/stable/c/98e3e2b561bc88f4dd218d1c05890672874692f6
https://git.kernel.org/stable/c/d1943bc9dc9508f5933788a76f8a35d10e43a646
https://git.kernel.org/stable/c/f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec
https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23093-db0d@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23093
https://www.cve.org/CVERecord?id=CVE-2026-23093

History

Tue, 17 Mar 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:6.19:rc1:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc2:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.19:rc6::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 06 Feb 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/4d1e9a4a450aae47277763562122cc80ed703ab2 https://git.kernel.org/stable/c/6ececffd3e9fe93a87738625dc0671165d27bf96 https://git.kernel.org/stable/c/70ba85e439221a5d6dda34a3004db6640f0525e6 https://git.kernel.org/stable/c/f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec

Thu, 05 Feb 2026 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23093-db0d@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23093 https://www.cve.org/CVERecord?id=CVE-2026-23093

Wed, 04 Feb 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbd: fix dma_unmap_sg() nents The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned.
Title		ksmbd: smbd: fix dma_unmap_sg() nents
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/98e3e2b561bc88f4dd218d1c05890672874692f6 https://git.kernel.org/stable/c/d1943bc9dc9508f5933788a76f8a35d10e43a646

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-04T16:08:16.159Z

Updated: 2026-02-09T08:38:33.448Z

Reserved: 2026-01-13T15:37:45.962Z

Link: CVE-2026-23093

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-04T17:16:20.177

Modified: 2026-03-17T21:09:13.137

Link: CVE-2026-23093

Redhat

Severity :

Publid Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23093 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T14:00:02Z

Weaknesses

NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object