7.8

CVE-2026-23243

EPSS 0.02%
Veröffentlicht 18.03.2026 10:05:05
Zuletzt bearbeitet 02.04.2026 15:16:26
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

RDMA/umad: Reject negative data_len in ib_umad_write

In the Linux kernel, the following vulnerability has been resolved:

RDMA/umad: Reject negative data_len in ib_umad_write

ib_umad_write computes data_len from user-controlled count and the
MAD header sizes. With a mismatched user MAD header size and RMPP
header length, data_len can become negative and reach ib_create_send_mad().
This can make the padding calculation exceed the segment size and trigger
an out-of-bounds memset in alloc_send_rmpp_list().

Add an explicit check to reject negative data_len before creating the
send buffer.

KASAN splat:
[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0
[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102
[  211.365867] ib_create_send_mad+0xa01/0x11b0
[  211.365887] ib_umad_write+0x853/0x1c80

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 1371ef6b1ecf3676b8942f5dfb3634fb0648128e

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 362e45fd9069ffa1523f9f1633b606ebf72060d7

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 6eb2919474ca105c5b13d19574e25f0ddcf19ca2

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 9c80d688f402539dfc8f336de1380d6b4ee14316

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 205955f29c26330b1dc7fdeadd5bb97c38e26f56

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b

Status affected

Version 2be8e3ee8efd6f99ce454115c29d09750915021a

Version < 5551b02fdbfd85a325bb857f3a8f9c9f33397ed2

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.24

Status affected

Version 0

Version < 2.6.24

Status unaffected

Version <= 5.10.*

Version 5.10.252

Status unaffected

Version <= 5.15.*

Version 5.15.202

Status unaffected

Version <= 6.1.*

Version 6.1.165

Status unaffected

Version <= 6.6.*

Version 6.6.128

Status unaffected

Version <= 6.12.*

Version 6.12.75

Status unaffected

Version <= 6.18.*

Version 6.18.14

Status unaffected

Version <= 6.19.*

Version 6.19.4

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.034

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/1371ef6b1ecf3676b8942f5dfb3634fb0648128e

https://git.kernel.org/stable/c/362e45fd9069ffa1523f9f1633b606ebf72060d7

https://git.kernel.org/stable/c/6eb2919474ca105c5b13d19574e25f0ddcf19ca2

https://git.kernel.org/stable/c/a6a3e4af10993cb9e4b8f0548680aba0ab5f3b0d

https://git.kernel.org/stable/c/9c80d688f402539dfc8f336de1380d6b4ee14316

https://git.kernel.org/stable/c/205955f29c26330b1dc7fdeadd5bb97c38e26f56

https://git.kernel.org/stable/c/52ab82cc5cf8ada5c3fb6ffe8f32fdb2fc27a34b

https://git.kernel.org/stable/c/5551b02fdbfd85a325bb857f3a8f9c9f33397ed2

https://nvd.nist.gov/vuln/detail/CVE-2026-23243

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23243

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23243

EUVD