Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: core: Fix integer overflow in UNMAP bounds check

sbc_execute_unmap() checks LBA + range does not exceed the device capacity,
but does not guard against LBA + range wrapping around on 64-bit overflow.

Add an overflow check matching the pattern already used for WRITE_SAME in
the same file.
Published: 2026-06-24
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability stems from an integer overflow in the Linux kernel's SCSI target core when processing UNMAP commands. The sbc_execute_unmap function adds the logical block address (LBA) to the requested range without protecting against a 64‑bit overflow, allowing the sum to wrap around and bypass the bounds check that ensures the target does not exceed device capacity. Based on the description, it is inferred that this unchecked overflow could lead to kernel memory corruption and a potential system crash, although the description does not explicitly confirm such an outcome.

Affected Systems

Any Linux kernel release that does not contain the patch commit that adds the overflow guard to sbc_execute_unmap is affected. This includes standard distribution kernels as well as custom or in‑house builds that ship the vulnerable kernel. The defect exists in the generic SCSI target core, so all devices that expose SCSI UNMAP commands to the kernel fall under this risk.

Risk and Exploitability

TheSS score is 7.0, reflecting moderate to high severity. The EPSS score is < 1 %, indicating a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation requires the ability to send crafted UNMAP requests to a SCSI target, which typically necessitates local or device‑level access. No public exploitation has been documented and the description does not confirm successful memory corruption, so the risk remains theoretical and depends on an attacker’s capability to issue UNMAP commands.

Generated by OpenCVE AI on June 27, 2026 at 03:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that includes the commit adding the integer overflow check to sbc_execute_unmap.
  • If a kernel upgrade cannot be performed immediately, configure the SCSI target to reject or disable UNMAP commands to prevent the vulnerable code path from being exercised.
  • Restrict access to the SCSI target to privileged or trusted users only, mitigating the chance that a non‑privileged attacker can send crafted UNMAP requests.

Generated by OpenCVE AI on June 27, 2026 at 03:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sat, 27 Jun 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-680

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-680

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbc_execute_unmap() checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow check matching the pattern already used for WRITE_SAME in the same file.
Title scsi: target: core: Fix integer overflow in UNMAP bounds check
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:30.671Z

Reserved: 2026-06-09T07:44:35.379Z

Link: CVE-2026-53021

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53021 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T03:30:10Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound