CVE-2026-46105
Analyzed
Analyzed - Analysis Complete
Kernel Oops Risk in mpt3sas NVMe I/O Handling
Vulnerability report for CVE-2026-46105, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-05-28
Last updated on: 2026-06-25
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
scsi: mpt3sas: Limit NVMe request size to 2 MiB
The HBA firmware reports NVMe MDTS values based on the underlying drive
capability. However, because the driver allocates a fixed 4K buffer for
the PRP list, accommodating at most 512 entries, the driver supports a
maximum I/O transfer size of 2 MiB.
Limit max_hw_sectors to the smaller of the reported MDTS and the 2 MiB
driver limit to prevent issuing oversized I/O that may lead to a kernel
oops.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 7.1 |
| linux | linux_kernel | 7.1 |
| linux | linux_kernel | From 6.19 (inc) to 7.0.7 (exc) |
| linux | linux_kernel | From 6.17 (inc) to 6.18.30 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |