VDB

DEBIAN-CVE-2026-31464

DEBIAN-CVE-2026-31464 PUBLISHED CVSS 8.100000381469727 HIGH

In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is stored directly in vhost->num_targets without validation, and is then used as the loop bound in ibmvfc_alloc_targets() to index into disc_buf[], which is only allocated for max_targets entries. Indices at or beyond max_targets access kernel memory outside the DMA-coherent allocation. The out-of-bounds data is subsequently embedded in Implicit Logout and PLOGI MADs that are sent back to the VIO server, leaking kernel memory. Fix by clamping num_written to max_targets before storing it.

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

VendorProductVersions
Debian:13linux6.12.43-1, 6.12.74-2, 6.12.74-1
Debian:11linux-6.16.1.162-1, 6.1.159-1, 6.1.158-1
Debian:12linux6.18.5-1, 6.1.106-3, *
Debian:11linux6.12.8-1, 6.12.11-1, 6.12.11-1
Debian:14linux6.19, 6.19, 6.19

Timeline

  • Apr 22, 2026 CVE Published
  • May 2, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›