Description
In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: handle changing device dma map requirements

The initial state of dma_needs_unmap may be false, but change to true
while mapping the data iterator. Enabling swiotlb is one such case that
can change the result. The nvme driver needs to save the mapped dma
vectors to be unmapped later, so allocate as needed during iteration
rather than assume it was always allocated at the beginning. This fixes
a NULL dereference from accessing an uninitialized dma_vecs when the
device dma unmapping requirements change mid-iteration.
Published: 2026-02-14
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via kernel crash caused by a NULL pointer dereference in the NVMe driver
Action: Apply Patch
AI Analysis

Impact

A NULL dereference is triggered in the NVMe PCI driver when the device's DMA mapping requirements change while the driver is mapping a data iterator. The driver assumes that the dma_vecs array was allocated at the start of the iteration; when dma_needs_unmap changes from false to true mid-iteration, the driver accesses the unallocated array and the kernel can crash. The resulting kernel panic leads to a loss of availability for the affected system, potentially allowing an attacker to restart the machine or disrupt critical services. The flaw is a classic NULL pointer dereference that falls under CWE‑476.
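
The failure mode described above, reduced to a user-space C model. This is an added example, not code from the kernel or the referenced commit; `struct req`, `flip_at`, `needs_unmap()` and both function names are hypothetical, and the "before" variant returns -1 at the point where an unchecked store would dereference NULL instead of crashing.

```c
/* User-space model of the pattern; every name except dma_vecs and
 * dma_needs_unmap is hypothetical and this is not the nvme-pci code. */
#include <stddef.h>
#include <stdlib.h>

struct vec { size_t addr, len; };
struct req {
    struct vec *dma_vecs;   /* saved mappings to unmap later, NULL until allocated */
    int nr_vecs;
    int flip_at;            /* segment index at which unmap becomes required (-1: never) */
};

/* Models the dma_needs_unmap result: the answer can change while iterating. */
static int needs_unmap(const struct req *r, int seg)
{
    return r->flip_at >= 0 && seg >= r->flip_at;
}

/* Before: allocation decided once, up front. Returns -1 at the point
 * where an unchecked store into dma_vecs would dereference NULL. */
int map_assume_upfront(struct req *r, int nsegs)
{
    if (needs_unmap(r, 0))
        r->dma_vecs = calloc(nsegs, sizeof(*r->dma_vecs));
    for (int seg = 0; seg < nsegs; seg++) {
        if (!needs_unmap(r, seg))
            continue;
        if (!r->dma_vecs)
            return -1;      /* requirement changed mid-iteration, nothing allocated */
        r->dma_vecs[r->nr_vecs++] = (struct vec){ 0x1000u * seg, 4096 };
    }
    return 0;
}

/* After: allocate on first need, inside the iteration. */
int map_alloc_on_demand(struct req *r, int nsegs)
{
    for (int seg = 0; seg < nsegs; seg++) {
        if (!needs_unmap(r, seg))
            continue;
        if (!r->dma_vecs) {
            r->dma_vecs = calloc(nsegs, sizeof(*r->dma_vecs));
            if (!r->dma_vecs)
                return -2;  /* allocation failure is an error, not a crash */
        }
        r->dma_vecs[r->nr_vecs++] = (struct vec){ 0x1000u * seg, 4096 };
    }
    return 0;
}
```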

Affected Systems

All Linux kernel releases that include the NVMe PCI subsystem and have not yet incorporated the patch that moves the allocation of dma_vecs into the iteration loop are affected. The fix is referenced by commit 071be3b0b6575d45be9df9c5b612f5882bfc5e88 in the Linux kernel source, and any system running a kernel built from source that predates that commit is potentially vulnerable. No particular vendor or product version list is available beyond the generic Linux kernel family.

Risk and Exploitability

The CVE description does not state the attack vector. Based on the nature of the vulnerability—a null pointer dereference triggered when NVMe driver DMA mapping requirements change during data iteration—it is inferred that an attacker would need the ability to queue NVMe commands that cause iteration, which typically requires local privileged access. A non‑privileged user would normally need another privilege‑escalation path to affect the driver. The EPSS score is less than 1 %, and the flaw is not listed in the CISA KEV catalog. Any successful exploitation would produce a kernel panic, leading to a loss of system availability. The overall risk remains low to moderate depending on the host’s exposure.

Generated by OpenCVE AI on April 18, 2026 at 12:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains commit 071be3b0b6575d45be9df9c5b612f5882bfc5e88, which relocates dma_vecs allocation to occur only when needed.
  • Verify that all NVMe devices are connected following best‑practice hardware isolation to reduce the opportunity for an attacker to trigger the uninitialized dma_vecs access.
  • If an immediate kernel update is infeasible, restrict NVMe device access to administrative or privileged users and monitor kernel logs for signs of NVMe‑related crashes or panics.


Advisories

No advisories yet.

History

Sat, 18 Apr 2026 12:45:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-476

Tue, 17 Feb 2026 00:15:00 +0000


Sat, 14 Feb 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: handle changing device dma map requirements The initial state of dma_needs_unmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme driver needs to save the mapped dma vectors to be unmapped later, so allocate as needed during iteration rather than assume it was always allocated at the beginning. This fixes a NULL dereference from accessing an uninitialized dma_vecs when the device dma unmapping requirements change mid-iteration.
Title | | nvme-pci: handle changing device dma map requirements
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T16:27:07.421Z

Reserved: 2026-01-13T15:37:45.983Z

Link: CVE-2026-23174

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-02-14T17:15:55.103

Modified: 2026-04-15T14:34:27.800

Link: CVE-2026-23174

Redhat

Severity:

Public Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23174 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses