2025-12-24 13:05:49
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix mempool alloc size Convert the max size to bytes to match the units of the divisor that calculates the worst-case number of PRP entries. The result is used to determine how many PRP Lists are required. The code was previously rounding this to 1 list, but we can require 2 in the worst case. In that scenario, the driver would corrupt memory beyond the size provided by the mempool. While unlikely to occur (youd need a 4MB in exactly 127 phys segments on a queue that doesnt support SGLs), this memory corruption has been observed by kfence.