External risk intelligence

Linux Kernel NVMe-oF TCP Vulnerability.

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-23112

A vulnerability in the Linux kernel's NVMe-oF TCP component allows an attacker to cause system instability or crashes by sending specially crafted data. This could lead to denial of service for storage infrastructure. Organizations using affected Linux kernel versions should update their systems to mitigate this risk.

Halo Surface Signal: 2

Out-of-bounds Write

Linux Kernel

  • 5.0 to before 5.10.250
  • 5.11 to before 5.15.200
  • 5.16 to before 6.1.163
  • 6.2 to before 6.6.124
  • 6.7 to before 6.12.70
  • 6.13 to before 6.18.10
  • 6.19

External exposure likelihood

Halo Surface Signal score for CVE-2026-23112

The vulnerability exists in the Linux kernel's NVMe over Fabrics (NVMe-oF) TCP transport layer. While this is a network-accessible service, NVMe-oF is typically deployed within isolated, high-performance backend storage networks or data center fabrics rather than being exposed directly to the public internet.

Horizon Alert

Summary of the vulnerability and why it matters

The Linux kernel contains a vulnerability within its NVMe over Fabrics (NVMe-oF) TCP transport layer. This flaw could allow an attacker to manipulate PDU lengths or offsets, leading to unintended system behavior. The potential impact includes system instability and unauthorized data manipulation.

  • Linux kernel's NVMe-oF TCP component
  • Improper bounds checking
  • System instability and data integrity issues

Attack Path

How an attacker could exploit the issue

The Linux kernel's NVMe over Fabrics TCP transport component contains a vulnerability that could allow an attacker to gain control of the system. It is triggered when the component processes input that exceeds expected boundaries, leading to a system crash or potential execution of unauthorized code. Organizations using affected Linux kernel versions are at risk if this component is accessible.

  • Network access to the service
  • Attacker sends crafted input
  • System crashes or grants control

Live Threat

Current exploitation, exposure, and threat context

The Linux kernel contains a vulnerability in the nvmet-tcp component that could allow for unauthorized access and potential data compromise. This issue is present in various versions of the Linux kernel. The vulnerability has been addressed in subsequent updates, and organizations using affected versions should consider updating their systems to mitigate the risk.

  • Attackers with low skill are likely to exploit.
  • No access or conditions are required.
  • Significant business risk and urgency.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in the Linux kernel could allow an attacker to gain control of systems through the NVMe-oF TCP network protocol. The issue arises from a bounds check failure within the `nvmet_tcp_build_pdu_iovec` function, which could lead to system instability or crashes when processing specific PDU lengths or offsets. Addressing this requires identifying and securing affected Linux kernel instances.

  • Find Linux kernel assets.
  • Reduce network exposure.
  • Fix, verify, and monitor.
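
A host-side triage script for the three steps above, added here as an example (it is not code from this advisory or from the kernel project): it compares `uname -r` with the affected ranges listed on this page and lists the nvmet ports configured for TCP. `NVMET_CFG` is a hypothetical override used for testing, and because distribution kernels backport fixes, a match on the upstream version is an indicator to confirm against the vendor's advisory.

```shell
#!/bin/sh
# Affected upstream ranges from this page, as "first_affected:first_fixed".
RANGES="5.0:5.10.250 5.11:5.15.200 5.16:6.1.163 6.2:6.6.124 6.7:6.12.70 6.13:6.18.10"

# ver_lt A B: succeeds when version A sorts strictly before version B.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# in_affected_range RELEASE: 0 = inside a listed range, 1 = outside,
# 2 = 6.19, which the page lists without bounds (check manually).
# Assumption: the text before the first "-" or "+" is the upstream version.
in_affected_range() {
    v=${1%%-*}; v=${v%%+*}
    for r in $RANGES; do
        lo=${r%%:*}; hi=${r##*:}
        if ! ver_lt "$v" "$lo" && ver_lt "$v" "$hi"; then return 0; fi
    done
    case $v in 6.19|6.19.0) return 2 ;; esac
    return 1
}

# nvmet_tcp_ports: print addr:port for each nvmet configfs port using TCP.
# NVMET_CFG is a hypothetical override so the function can be tested.
nvmet_tcp_ports() {
    for p in "${NVMET_CFG:-/sys/kernel/config/nvmet}"/ports/*; do
        [ -r "$p/addr_trtype" ] || continue
        [ "$(cat "$p/addr_trtype")" = "tcp" ] || continue
        printf '%s:%s\n' "$(cat "$p/addr_traddr")" "$(cat "$p/addr_trsvcid")"
    done
}

triage_host() {
    rel=$(uname -r); rc=0
    in_affected_range "$rel" || rc=$?
    case $rc in
        0) echo "$rel: inside an affected upstream range" ;;
        2) echo "$rel: 6.19 is listed without bounds, check manually" ;;
        *) echo "$rel: outside the listed ranges" ;;
    esac
    # A built-in nvmet_tcp does not appear in /proc/modules; configfs still shows it.
    if grep -q '^nvmet_tcp ' /proc/modules 2>/dev/null; then
        echo "nvmet_tcp module is loaded"
    fi
    nvmet_tcp_ports | sed 's/^/nvmet TCP port configured: /'
}

triage_host
```

Any address it prints is a listener to firewall or move onto an isolated storage network until the kernel is updated.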

Frequently asked questions

What is the Linux kernel's nvmet-tcp component and its role in storage networking?

The nvmet-tcp component is part of the Linux kernel and manages the NVMe over Fabrics (NVMe-oF) protocol using TCP. NVMe-oF enables high-performance access to storage devices across a network, commonly utilized in data center environments for efficient data handling.

What type of weakness does CVE-2026-23112 represent in the Linux kernel?

CVE-2026-23112 is classified as an 'Out-of-bounds Write' (CWE-787). This vulnerability occurs when code attempts to write data beyond the boundaries of an allocated buffer, potentially leading to memory corruption or system crashes.

How might an attacker exploit the Linux kernel's nvmet-tcp vulnerability?

An attacker could exploit this vulnerability by sending specially crafted input that manipulates PDU lengths or offsets. This could cause the `nvmet_tcp_build_pdu_iovec` function to process data incorrectly, leading to issues such as a kernel-level crash (GPF/KASAN).

What is the relevance of CVE-2026-23112 given the typical deployment of NVMe-oF?

While the vulnerability is network-accessible, NVMe-oF is generally deployed in secure, internal storage networks within data centers, not typically exposed to the public internet. This suggests a lower likelihood of external exploitation, though internal network threats remain a concern.

What are the recommended steps to address the Linux kernel nvmet-tcp vulnerability?

To address this vulnerability, organizations should identify all Linux kernel assets using affected versions. It is recommended to reduce the network exposure of these components where possible, apply the necessary security updates or patches to fix the issue, and then verify the remediation. Continuous monitoring of these systems is also advised.
