5.5

CVE-2026-31438

netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators

In the Linux kernel, the following vulnerability has been resolved:

netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators

When a process crashes and the kernel writes a core dump to a 9P
filesystem, __kernel_write() creates an ITER_KVEC iterator. This
iterator reaches netfs_limit_iter() via netfs_unbuffered_write(), which
only handles ITER_FOLIOQ, ITER_BVEC and ITER_XARRAY iterator types,
hitting the BUG() for any other type.

Fix this by adding netfs_limit_kvec() following the same pattern as
netfs_limit_bvec(), since both kvec and bvec are simple segment arrays
with pointer and length fields. Dispatch it from netfs_limit_iter() when
the iterator type is ITER_KVEC.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.8 < 6.12.80
LinuxLinux Kernel Version >= 6.13 < 6.18.21
LinuxLinux Kernel Version >= 6.19 < 6.19.11
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.023
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/00d6df7115f6972370974212de9088087820802e
Patch
https://git.kernel.org/stable/c/18c2e20b42dd21db599e42d05ddaeeb647b2bb6d
Patch
https://git.kernel.org/stable/c/4bc2d72c7695cedf6d4e1a558924903c2b28a78e
Patch
https://git.kernel.org/stable/c/67e467a11f62ff64ad219dc6aa5459e132c79d14
Patch