CVE-2026-53021
Awaiting Analysis Awaiting Analysis - Queue

Integer Overflow in Linux Kernel SCSI Target Core

Vulnerability report for CVE-2026-53021, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-10

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix integer overflow in UNMAP bounds check sbc_execute_unmap() checks LBA + range does not exceed the device capacity, but does not guard against LBA + range wrapping around on 64-bit overflow. Add an overflow check matching the pattern already used for WRITE_SAME in the same file.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-10
Generated
2026-07-15
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's SCSI target core, specifically in the sbc_execute_unmap() function. The function checks that the Logical Block Addressing (LBA) plus the range does not exceed the device capacity. However, it does not properly guard against an integer overflow when adding LBA and range on 64-bit systems, which can cause the sum to wrap around and bypass the bounds check.

The issue was fixed by adding an overflow check similar to the one already used for the WRITE_SAME command in the same file.

Impact Analysis

An integer overflow in the bounds check could allow an attacker or a malicious process to specify an LBA and range that bypasses the intended device capacity checks. This could potentially lead to out-of-bounds memory access or data corruption on the device, impacting system stability or data integrity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53021. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart