CVE-2026-52989

In the Linux kernel, the following vulnerability has been resolved:

nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers

Currently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds PDU length or offset, it triggers nvmet_tcp_fatal_error(cmd->queue) and returns early. However, because the function returns void, the callers are entirely unaware that a fatal error has occurred and that the cmd->recv_msg.msg_iter was left uninitialized.

Callers such as nvmet_tcp_handle_h2c_data_pdu() proceed to blindly overwrite the queue state with queue->rcv_state = NVMET_TCP_RECV_DATA. Consequently, the socket receiving loop may attempt to read incoming network data into the uninitialized iterator.

Fix this by shifting the error handling responsibility to the callers.

Package Linux Kernel
Published 2026-06-24
Last modified 2026-06-24
Patch available Yes

Affected versions

Linux kernel versions 6.1.163, 6.6.124, 6.12.70, 6.18.10, 5.10.250, 5.15.200, 6.19 and later are affected. Fixed in 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.

Affected from

  • ≥ 6.1.163
  • ≥ 6.6.124
  • ≥ 6.12.70
  • ≥ 6.18.10
  • ≥ 5.10.250
  • ≥ 5.15.200
  • ≥ 6.19

Fixed in

  • 6.1.175 (6.1.x)
  • 6.6.141 (6.6.x)
  • 6.12.91 (6.12.x)
  • 6.18.33 (6.18.x)
  • 7.0.10 (7.0.x)
  • 7.1

Frequently asked questions

  • What is CVE-2026-52989?

    CVE-2026-52989 is a Linux kernel vulnerability whose severity has not been scored. It affects Linux kernel versions from 6.1.163 onward and has been patched in 6.1.175, 6.6.141, 6.12.91 and others. CVE-2026-52989 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

  • Is there a patch available for CVE-2026-52989?

    Yes. CVE-2026-52989 has been patched. Fixed versions include 6.1.175, 6.6.141, 6.12.91 and others. If you are running Linux kernel 6.1.163 or later and have not yet reached the fixed version for your branch, apply the relevant patch for your kernel branch.

  • Is CVE-2026-52989 actively exploited?

    No — CVE-2026-52989 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.