CVE-2026-23390

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel tracing subsystem contains a flaw in the dma map sg tracepoint. When tracing large scatter-gather lists, the tracepoint can trigger a buffer overflow due to exceeding the PERF MAX TRACE SIZE limit of 8192 bytes. This occurs when devices, such as virtio-gpu, create large Direct Memory Access (DMA) buffers with a high number of entries (nents), potentially exceeding 1000. The overflow is caused by the dynamic arrays used to store physical addresses, DMA addresses, and lengths exceeding the allocated buffer size. The issue is addressed by limiting the size of these dynamic arrays to a maximum of 128 entries using the min() function during array size calculation. This ensures that the arrays are appropriately sized, preventing overflow while minimizing unnecessary memory allocation. The tracepoint now records the full number of entries and a flag indicating if data has been truncated.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.