CVE

DEBIAN-CVE-2026-23243

In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header...

Back to all

CVE

DEBIAN-CVE-2026-23243

In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative datalen in ibumadwrite ibumadwrite computes datalen from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, datalen can become negative and reach ibcreatesendmad(). This can make the padding calculation exceed the segment size and trigger an out-of-bounds memset in allocsendrmpplist(). Add an explicit check to reject negative datalen before creating the send buffer. KASAN splat: [ 211.363464] BUG: KASAN: slab-out-of-bounds in ibcreatesendmad+0xa01/0x11b0 [ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spraythread/102 [ 211.365867] ibcreatesendmad+0xa01/0x11b0 [ 211.365887] ibumad_write+0x853/0x1c80

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

https://security-tracker.debian.org/tracker/CVE-2026-23243

Severity

7.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.8

EPSS Probability

EPSS Percentile

Introduced Version

Fix Available

6.1.170-1,6.12.85-1,6.18.14-1,6.1.170-1~deb11u1

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

DEBIAN-CVE-2026-23243

DEBIAN-CVE-2026-23243

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.8

Basic Information

Fix Critical Vulnerabilities Instantly