FKIE_CVE-2026-23007

Vulnerability from fkie_nvd - Published: 2026-01-25 15:15 - Updated: 2026-01-26 15:03
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized before being passed to the underlying block device, otherwise the uninitialized memory can be read back by userspace or anyone with physical access to the storage device. If protection information is generated, that portion of the integrity buffer is already initialized. The integrity data is also zeroed if PI generation is disabled via sysfs or the PI tuple size is 0. However, this misses the case where PI is generated and the PI tuple size is nonzero, but the metadata size is larger than the PI tuple. In this case, the remainder ("opaque") of the metadata is left uninitialized. Generalize the BLK_INTEGRITY_CSUM_NONE check to cover any case when the metadata is larger than just the PI tuple.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ca22c566b89164f6e670af56ecc45f47ef3df819
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d6072557b90e0c557df319a56f4a9dc482706d2c
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: zero non-PI portion of auto integrity buffer\n\nThe auto-generated integrity buffer for writes needs to be fully\ninitialized before being passed to the underlying block device,\notherwise the uninitialized memory can be read back by userspace or\nanyone with physical access to the storage device. If protection\ninformation is generated, that portion of the integrity buffer is\nalready initialized. The integrity data is also zeroed if PI generation\nis disabled via sysfs or the PI tuple size is 0. However, this misses\nthe case where PI is generated and the PI tuple size is nonzero, but the\nmetadata size is larger than the PI tuple. In this case, the remainder\n(\"opaque\") of the metadata is left uninitialized.\nGeneralize the BLK_INTEGRITY_CSUM_NONE check to cover any case when the\nmetadata is larger than just the PI tuple."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbloque: poner a cero la porci\u00f3n no-PI del b\u00fafer de integridad autom\u00e1tico\n\nEl b\u00fafer de integridad autogenerado para escrituras necesita ser completamente inicializado antes de ser pasado al dispositivo de bloque subyacente, de lo contrario la memoria no inicializada puede ser le\u00edda por el espacio de usuario o cualquier persona con acceso f\u00edsico al dispositivo de almacenamiento. Si se genera informaci\u00f3n de protecci\u00f3n, esa porci\u00f3n del b\u00fafer de integridad ya est\u00e1 inicializada. Los datos de integridad tambi\u00e9n se ponen a cero si la generaci\u00f3n de PI est\u00e1 deshabilitada a trav\u00e9s de sysfs o el tama\u00f1o de la tupla PI es 0. Sin embargo, esto omite el caso en que se genera PI y el tama\u00f1o de la tupla PI no es cero, pero el tama\u00f1o de los metadatos es mayor que la tupla PI. En este caso, el resto (\u0027opaco\u0027) de los metadatos se deja sin inicializar.\nGeneralizar la comprobaci\u00f3n BLK_INTEGRITY_CSUM_NONE para cubrir cualquier caso en que los metadatos sean m\u00e1s grandes que solo la tupla PI."
    }
  ],
  "id": "CVE-2026-23007",
  "lastModified": "2026-01-26T15:03:33.357",
  "metrics": {},
  "published": "2026-01-25T15:15:55.580",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ca22c566b89164f6e670af56ecc45f47ef3df819"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d6072557b90e0c557df319a56f4a9dc482706d2c"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.