CVE-2026-31464
Out-of-Bounds Access in Linux ibmvfc Causes Kernel Memory Leak
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SCSI ibmvfc driver. A malicious or compromised VIO server can send a discover targets MAD response whose num_written value exceeds the maximum allowed number of targets (max_targets). The driver stores this value without validation and uses it as a loop bound when indexing the disc_buf[] array, which is allocated for only max_targets entries. As a result, the code accesses memory outside the allocated buffer (out-of-bounds access). The out-of-bounds data is then embedded in messages sent back to the VIO server, leaking kernel memory.
The vulnerability is fixed by clamping the num_written value to max_targets before storing it, preventing out-of-bounds access.
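The unvalidated loop bound and the clamp described above, as a simplified user-space model added here as an example (it is not the ibmvfc driver's code). Only num_written, max_targets and disc_buf come from the advisory; the structs, function names and sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model. Only num_written, max_targets and disc_buf
 * come from the advisory; every other name here is hypothetical. */
#define MAX_TARGETS 4u
struct disc_entry { uint64_t id; };
struct host_model {
    uint32_t max_targets;        /* entries actually allocated in disc_buf */
    uint32_t num_targets;        /* loop bound taken from the response */
    struct disc_entry *disc_buf;
};

/* Before the fix: the responder-controlled count is stored as-is. */
void store_unvalidated(struct host_model *h, uint32_t num_written)
{
    h->num_targets = num_written;
}

/* After the fix: clamp to max_targets before storing. */
void store_clamped(struct host_model *h, uint32_t num_written)
{
    h->num_targets = num_written < h->max_targets ? num_written : h->max_targets;
}

/* Model one response: returns entries walked, or -1 if the stored bound
 * would index outside disc_buf (the walk is refused, never performed). */
int walk_response(uint32_t num_written, int use_fix)
{
    struct disc_entry buf[MAX_TARGETS] = {{1}, {2}, {3}, {4}}; /* constructed */
    struct host_model h = { MAX_TARGETS, 0, buf };
    int walked = 0;
    (use_fix ? store_clamped : store_unvalidated)(&h, num_written);
    if (h.num_targets > h.max_targets) return -1;
    for (uint32_t i = 0; i < h.num_targets; i++)
        walked += h.disc_buf[i].id != 0;
    return walked;
}

int main(void)
{
    printf("num_written=9, no clamp: %d\n", walk_response(9, 0));
    printf("num_written=9, clamped:  %d\n", walk_response(9, 1));
    return 0;
}
```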
How can this vulnerability impact me?
This vulnerability can lead to leakage of kernel memory to a malicious or compromised VIO server. Such leakage may expose sensitive information stored in kernel memory, potentially aiding attackers in further compromising the system or gaining unauthorized access.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by clamping the num_written value to max_targets before storing it in the Linux kernel's ibmvfc driver. To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.