CVE-2026-23222
Received
Received - Intake
Incorrect Scatterlist Allocation in Linux OMAP Crypto Causes Memory Corruption
Publication date: 2026-02-18
Last updated on: 2026-04-02
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
The existing allocation of scatterlists in omap_crypto_copy_sg_lists()
was allocating an array of scatterlist pointers, not scatterlist objects,
resulting in a 4x too small allocation.
Use sizeof(*new_sg) to get the correct object size.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.19 (inc) to 6.19.1 (exc) |
| linux | linux_kernel | From 5.16 (inc) to 6.1.164 (exc) |
| linux | linux_kernel | From 5.11 (inc) to 5.15.201 (exc) |
| linux | linux_kernel | From 6.2 (inc) to 6.6.125 (exc) |
| linux | linux_kernel | From 6.7 (inc) to 6.12.72 (exc) |
| linux | linux_kernel | From 6.13 (inc) to 6.18.11 (exc) |
| linux | linux_kernel | From 4.13 (inc) to 5.10.251 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's crypto subsystem, specifically in the omap_crypto_copy_sg_lists() function. The issue is that the allocation of scatterlists was done incorrectly by allocating an array of scatterlist pointers instead of scatterlist objects. This caused the allocated memory to be four times smaller than needed. The fix involved using sizeof(*new_sg) to allocate the correct size for the scatterlist objects.
How can this vulnerability impact me? :
I don't know
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70