CVE-2026-45975
Analyzed Analyzed - Analysis Complete
Race Condition in Linux Kernel ublk Driver

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them concurrently. Use READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack. Use the local copy in place of the one in the io_uring_sqe.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45975
EUVD
EUVD-2026-32259
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Linux kernel's handling of the struct ublksrv_ctrl_cmd, which is part of the io_uring_sqe. The struct may reside in userspace-mapped memory, and accessing its fields with normal loads is unsafe because userspace can modify them concurrently, leading to race conditions. The fix involves using the READ_ONCE() macro to safely copy the struct from the io_uring_sqe to the kernel stack, ensuring a consistent local copy is used instead of directly accessing the potentially changing userspace memory.

Impact Analysis

This vulnerability can lead to race conditions when the kernel accesses data structures shared with userspace. Such race conditions may cause unpredictable behavior, including data corruption, kernel crashes, or security issues due to inconsistent or unexpected data being processed by the kernel.

Mitigation Strategies

The vulnerability involves a race condition in accessing struct ublksrv_ctrl_cmd fields in the Linux kernel. To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where this issue is resolved by using READ_ONCE() to safely copy the struct from io_uring_sqe to the stack.

Applying the latest kernel patches or upgrading to the fixed kernel version is the immediate step to mitigate this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45975. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart