CVE-2026-53124

A flaw was found in the ublk subsystem of the Linux kernel. When a ublk server fails to complete all I/O input/output operations, a per-I/O cancellation flag may remain set. This prevents the successful cancellation of outstanding I/O commands, potentially leading to resource exhaustion or a deni...

CVE-2026-45975

A flaw was found in the Linux kernel's ublk subsystem. A local attacker could exploit a race condition where the kernel reads struct ublksrvctrlcmd from userspace-mapped memory without proper synchronization. This allows a malicious user to concurrently write to the structure, potentially causing...

CVE-2026-43364

A flaw was found in the Linux kernel's ublk subsystem. A local user can trigger a NULL pointer dereference by sending an UPDATESIZE command to a ublk device that has been added but not yet started, or one that has been stopped. This occurs due to insufficient state validation before dereferencing...

CVE-2023-53508 ublk: fail to start device if queue setup is interrupted

In the Linux kernel, the following vulnerability has been resolved: ublk: fail to start device if queue setup is interrupted In ublkctrlstartdev, if waitforcompletioninterruptible is interrupted by signal, queues aren't setup successfully yet, so we have to fail UBLKCMDSTARTDEV, otherwise kernel...

CVE-2025-37906 ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between iouringcmdcompleteintask and ublkcancelcmd ublkcancelcmd calls iouringcmddone to complete uringcmd, but we may have scheduled task work via iouringcmdcompleteintask for dispatching request, then kernel cras...