CVE-2026-43449

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A slab-out-of-bounds issue exists in the nvme-pci component. The problem occurs in the nvme dbbuf set() function due to an incorrect loop condition. The dev->online queues variable tracks the count of queues, where valid indices range from 0 to dev->online queues minus 1. Because the loop condition failed to properly restrict the index, it could access memory outside the allocated slab boundary. Index 0 is specifically excluded as it represents the admin queue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.