CVE-2026-52989
Received Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers Currently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds PDU length or offset, it triggers nvmet_tcp_fatal_error(cmd->queue) and returns early. However, because the function returns void, the callers are entirely unaware that a fatal error has occurred and that the cmd->recv_msg.msg_iter was left uninitialized. Callers such as nvmet_tcp_handle_h2c_data_pdu() proceed to blindly overwrite the queue state with queue->rcv_state = NVMET_TCP_RECV_DATA Consequently, the socket receiving loop may attempt to read incoming network data into the uninitialized iterator. Fix this by shifting the error handling responsibility to the callers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-52989
EUVD
EUVD-2026-38857
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's nvmet-tcp component. Specifically, the function nvmet_tcp_build_pdu_iovec() detects errors such as out-of-bounds PDU length or offset and triggers a fatal error, but because it returns void, its callers do not know an error occurred. As a result, callers like nvmet_tcp_handle_h2c_data_pdu() continue processing and overwrite queue state, leading to attempts to read network data into an uninitialized iterator. This improper error propagation can cause unexpected behavior in the network data handling.

Impact Analysis

The vulnerability can cause the Linux kernel's network receiving loop to operate on uninitialized data structures, potentially leading to memory corruption or crashes. This may affect system stability and reliability when handling network data over nvmet-tcp, possibly resulting in denial of service or other unpredictable behavior.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52989. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart