CVE-2026-43055

scsi: target: file: Use kzalloc_flex for aio_cmd

Assigner: Linux
Reserved: 01.05.2026 Published: 01.05.2026 Updated: 01.05.2026

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: file: Use kzalloc_flex for aio_cmd

The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_stream. When a write command fd_execute_rw_aio() is executed, we may get a bogus ki_write_stream value, causing unintended write failure status when checking iocb->ki_write_stream > max_write_streams in the block device.

Let's just use kzalloc_flex when allocating the aio_cmd and let ki_write_stream=0 to fix this issue.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 to ce54802fe6bb78eb0feffc66fed6a45d41ffc3ab (excl.) affected from 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 to 4eaff1728d0e69b95933412241bbccf4f797dba8 (excl.) affected from 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 to 01f784fc9d0ab2a6dac45ee443620e517cb2a19b (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 to ce54802fe6bb78eb0feffc66fed6a45d41ffc3ab (excl.)
affected from 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 to 4eaff1728d0e69b95933412241bbccf4f797dba8 (excl.)
affected from 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 to 01f784fc9d0ab2a6dac45ee443620e517cb2a19b (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.16 is affected unaffected from 0 to 6.16 (excl.) unaffected from 6.18.22 to 6.18.* (incl.) unaffected from 6.19.12 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 6.16 is affected
unaffected from 0 to 6.16 (excl.)
unaffected from 6.18.22 to 6.18.* (incl.)
unaffected from 6.19.12 to 6.19.* (incl.)
unaffected from 7.0 to * (incl.)

References

CVE-2026-43055 PUBLISHED

scsi: target: file: Use kzalloc_flex for aio_cmd

Product Status

References