Description
In the Linux kernel, the following vulnerability has been resolved:

ublk: Validate SQE128 flag before accessing the cmd

ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before
IO_URING_F_SQE128 flag check. This could cause out of boundary memory
access.

Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return
-EINVAL immediately if the flag is not set.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s ublk controller contains a flaw in the function that dumps control commands. The function ublk_ctrl_cmd_dump() reads a command pointer before confirming that the SQE128 flag is set, which can result in an out-of-bounds memory access and potentially expose kernel data. This issue is classified as CWE-1285.

Affected Systems

All Linux kernel builds that include the unpatched ublk implementation are affected. The advisory does not list specific release series or versions; any kernel released before the fix may be vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of < 1% suggests a very low probability of exploitation; the vulnerability could lead to memory read errors or kernel instability. The likely attack vector appears local to the kernel’s ublk subsystem; the description does not state a remote component or external trigger. The defect is not listed in the CISA KEV catalog, indicating no known active exploitation at the time of publication.

Generated by OpenCVE AI on June 16, 2026 at 21:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade your Linux kernel to a version that includes the ublk flag validation patch (commit references are provided in the advisory).
  • If a kernel upgrade is not immediately possible, obtain the patch that moves the SQE128 flag check earlier into the kernel source, merge it, rebuild the kernel, and install the updated image.
  • If patching is delayed, disable the ublk subsystem or block its usage until the fix is applied.

Generated by OpenCVE AI on June 16, 2026 at 21:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1285
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ublk: Validate SQE128 flag before accessing the cmd ublk_ctrl_cmd_dump() accesses (header *)sqe->cmd before IO_URING_F_SQE128 flag check. This could cause out of boundary memory access. Move the SQE128 flag check earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not set.
Title ublk: Validate SQE128 flag before accessing the cmd
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:18:19.070Z

Reserved: 2026-05-13T15:03:33.089Z

Link: CVE-2026-45962

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:12.917

Modified: 2026-06-16T02:31:13.463

Link: CVE-2026-45962

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45962 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T21:30:16Z

Weaknesses