CVE-2026-45975 PUBLISHED

ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

struct ublksrv_ctrl_cmd is part of the io_uring_sqe, which may lie in userspace-mapped memory. It's racy to access its fields with normal loads, as userspace may write to them concurrently. Use READ_ONCE() to copy the ublksrv_ctrl_cmd from the io_uring_sqe to the stack. Use the local copy in place of the one in the io_uring_sqe.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 87213b0d847cd300285b5545598e0548baeb5208 to ce63eda3e6d36e2c253febee1c8421ecbd1a680e (excl.) affected from 87213b0d847cd300285b5545598e0548baeb5208 to ed9f54cc1e335096733aed03c2a46de3d58922ed (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 6.19.4 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-45975 PUBLISHED

ublk: use READ_ONCE() to read struct ublksrv_ctrl_cmd

Product Status

References