CVE-2026-23174

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the nvme-pci subsystem related to handling changes in device Direct Memory Access (DMA) map requirements. Specifically, the dma needs unmap state can change during data iterator mapping, potentially leading to a NULL dereference when accessing uninitialized dma vecs if the device's DMA unmapping requirements change mid-iteration. This occurs when enabling swiotlb, which can alter the DMA mapping requirements. The driver needs to save mapped DMA vectors for later unmapping, allocating them as needed during iteration rather than assuming initial allocation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.