PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45962 Linux CVE debrief

A vulnerability in the Linux kernel's ublk (userspace block device) subsystem could allow out-of-bounds memory access. The issue exists in ublk_ctrl_cmd_dump(), which accesses sqe->cmd as a header pointer before verifying that the IO_URING_F_SQE128 flag is set. Without this flag check, the function may read beyond allocated memory boundaries. The fix moves the SQE128 flag validation earlier in ublk_ctrl_uring_cmd() to return -EINVAL immediately if the flag is not present, preventing unsafe memory access.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators running kernels with ublk enabled; security teams tracking kernel memory safety issues; organizations using io_uring-based block device virtualization

Technical summary

The ublk kernel driver for userspace block devices contains a validation ordering flaw. When processing control commands via io_uring, ublk_ctrl_cmd_dump() dereferences sqe->cmd as a header structure before confirming the command uses the extended SQE128 format. This premature access can read past the end of a standard 64-byte SQE, resulting in out-of-bounds kernel memory access. The resolution restructures ublk_ctrl_uring_cmd() to validate IO_URING_F_SQE128 before any command data access, failing with -EINVAL for non-compliant submissions.

Defensive priority

medium

Recommended defensive actions

  • Review the running kernel version and confirm whether the ublk driver is built in, loaded, or in use
  • Apply kernel updates from the distribution vendor when available
  • Monitor stable kernel branches for applicable backported fixes
  • Consider disabling ublk where it is not required until the patch is applied
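The first action above, as a read-only host check (added example, not PatchSiren's or the kernel project's code). It assumes the usual locations: the kernel config in /boot/config-$(uname -r) or /proc/config.gz, loaded modules listed in /proc/modules, the module name ublk_drv, and the control node /dev/ublk-control.

```shell
#!/bin/sh
# Added example: is the ublk driver available or in use on this host?
# Assumed: config key CONFIG_BLK_DEV_UBLK, module ublk_drv,
# control node /dev/ublk-control. Only reads files; changes nothing.

# ublk_config_state FILE: prints builtin|module|off|unknown for a plain-text
# kernel config; the exit code mirrors the state (0/1/2/3).
ublk_config_state() {
    cfg="$1"
    [ -r "$cfg" ] || { echo unknown; return 3; }
    if grep -q '^CONFIG_BLK_DEV_UBLK=y' "$cfg"; then
        echo builtin; return 0
    elif grep -q '^CONFIG_BLK_DEV_UBLK=m' "$cfg"; then
        echo module; return 1
    fi
    echo off; return 2
}

# ublk_module_loaded FILE: 0 if a /proc/modules-style listing shows ublk_drv.
ublk_module_loaded() {
    [ -r "$1" ] && grep -q '^ublk_drv[[:space:]]' "$1"
}

# ublk_report: combine the checks for the running host. Exit 0 means ublk is
# reachable (built in, module loaded, or control node present), so the host
# belongs on the update list; exit 1 means the driver is not in use.
ublk_report() {
    rel=$(uname -r)
    if [ -r "/boot/config-$rel" ]; then
        state=$(ublk_config_state "/boot/config-$rel")
    elif [ -r /proc/config.gz ]; then
        tmp=$(mktemp); zcat /proc/config.gz > "$tmp"
        state=$(ublk_config_state "$tmp"); rm -f "$tmp"
    else
        state=unknown
    fi
    loaded=no; ublk_module_loaded /proc/modules && loaded=yes
    node=no; [ -e /dev/ublk-control ] && node=yes
    echo "kernel=$rel config=$state module_loaded=$loaded control_node=$node"
    [ "$state" = builtin ] || [ "$loaded" = yes ] || [ "$node" = yes ]
}

ublk_report || echo "ublk not in use on this host"
```

A config state of "module" with module_loaded=no still warrants the update, since the module can be loaded later.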

Evidence notes

The vulnerability description indicates this is a memory safety issue in kernel code handling io_uring commands for ublk. The fix involves reordering validation logic to check the SQE128 flag before accessing command data. Multiple stable kernel branch commits are referenced, suggesting backports to supported kernel versions.
