CVE-2026-22998

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the nvme-tcp subsystem, specifically in the nvmet tcp build pdu iovec() function. This function can dereference null pointers without proper checks when processing H2C DATA Protocol Data Units (PDUs). This can occur before a CONNECT command or NVMe write command is sent, or during READ commands where cmd->req.sg is allocated but cmd->iov is null. The issue stems from a lack of validation of cmd->req.sg and cmd->iov before they are used, potentially leading to a kernel panic. The fix involves adding validation checks for both pointers before calling nvmet tcp build pdu iovec(). Attack vectors include sending H2C DATA PDUs before a CONNECT command, sending H2C DATA PDUs for READ commands, or utilizing uninitialized command slots.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.