{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23093", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.962Z", "datePublished": "2026-02-04T16:08:16.159Z", "dateUpdated": "2026-05-11T21:59:51.936Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:51.936Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbd: fix dma_unmap_sg() nents\n\nThe dma_unmap_sg() functions should be called with the same nents as the\ndma_map_sg(), not the value the map function returned."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/transport_rdma.c"], "versions": [{"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "6ececffd3e9fe93a87738625dc0671165d27bf96", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "4d1e9a4a450aae47277763562122cc80ed703ab2", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "70ba85e439221a5d6dda34a3004db6640f0525e6", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "d1943bc9dc9508f5933788a76f8a35d10e43a646", "status": "affected", "versionType": "git"}, {"version": "0626e6641f6b467447c81dd7678a69c66f7746cf", "lessThan": "98e3e2b561bc88f4dd218d1c05890672874692f6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/smb/server/transport_rdma.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.123", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.69", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.6.123"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.12.69"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec"}, {"url": "https://git.kernel.org/stable/c/6ececffd3e9fe93a87738625dc0671165d27bf96"}, {"url": "https://git.kernel.org/stable/c/4d1e9a4a450aae47277763562122cc80ed703ab2"}, {"url": "https://git.kernel.org/stable/c/70ba85e439221a5d6dda34a3004db6640f0525e6"}, {"url": "https://git.kernel.org/stable/c/d1943bc9dc9508f5933788a76f8a35d10e43a646"}, {"url": "https://git.kernel.org/stable/c/98e3e2b561bc88f4dd218d1c05890672874692f6"}], "title": "ksmbd: smbd: fix dma_unmap_sg() nents", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F9487DA-0705-4945-A8B3-1460DE840D0A", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "316D8D4E-FE44-4C76-8403-63CAF51EEFC2", "versionEndExcluding": "6.6.123", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F0D11B0-A3DA-4D8F-89B9-CFD2094EBA37", "versionEndExcluding": "6.12.69", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: smbd: fix dma_unmap_sg() nents\n\nThe dma_unmap_sg() functions should be called with the same nents as the\ndma_map_sg(), not the value the map function returned."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nksmbd: smbd: correcci\u00f3n de dma_unmap_sg() nents\n\nLas funciones dma_unmap_sg() deben ser llamadas con los mismos nents que la dma_map_sg(), no el valor que la funci\u00f3n de mapeo devolvi\u00f3."}], "id": "CVE-2026-23093", "lastModified": "2026-03-17T21:09:13.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:20.177", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4d1e9a4a450aae47277763562122cc80ed703ab2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6ececffd3e9fe93a87738625dc0671165d27bf96"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/70ba85e439221a5d6dda34a3004db6640f0525e6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/98e3e2b561bc88f4dd218d1c05890672874692f6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d1943bc9dc9508f5933788a76f8a35d10e43a646"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f569f5b8bfd5133defdf9c7f8a72c63aa11f54ec"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ksmbd: smbd: fix dma_unmap_sg() nents", "id": "2436775", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436775"}, "csaw": false, "details": ["No description is available for this CVE."], "name": "CVE-2026-23093", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23093\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23093\nhttps://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23093-db0d@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T13:52:10.461096+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the CVE\u20112026\u201123093 fix, such as kernel 6.19.x or later.", "If an immediate kernel upgrade is not feasible, apply any distribution\u2011specific backport patches that contain the security fix and ensure the system is not using the affected kernel branches.", "Enable kernel debugging features such as KASAN, page\u2011fault tracking, or runtime checks to detect anomalous DMA mapping/unmapping activity and monitor system logs for signs of memory corruption or instability."], "summary": {"action": "Upgrade Kernel", "impact": "Kernel Crash / Memory Corruption"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds prior to the application of the patch are affected. This includes the mainline 6.19 series, all release candidates from rc1 through rc6, and any earlier stable releases that have not been updated to a fixed kernel. The vulnerability is not limited to a particular distribution but applies to any system running an unpatched kernel where the DMA unmap routine is exercised.", "description_and_impact": "A defect in the Linux kernel caused the dma_unmap_sg() function to be invoked with a count of scatter\u2011gather entries (nents) that did not match the original dma_map_sg() call. This mismatch can lead to improper unmapping of DMA buffers, resulting in memory corruption or kernel crashes. The vulnerability is a state inconsistency that may compromise the integrity and availability of the system.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% implies a very low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and no public exploit has been reported. Exploiting this flaw would require privileged kernel access or a preceding vulnerability that allows DMA operation manipulation, making the attack vector non\u2011public and largely theoretical for most environments."}}}}, "created": "2026-04-18T14:00:02.183644+00:00", "updated": "2026-04-18T14:00:02.183667+00:00", "vendors": []}