Bug 2432674 (CVE-2026-23007) - CVE-2026-23007 kernel: block: zero non-PI portion of auto integrity buffer
Summary: CVE-2026-23007 kernel: block: zero non-PI portion of auto integrity buffer
Keywords:
Status: NEW
Alias: CVE-2026-23007
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-25 15:02 UTC by OSIDB Bzimport
Modified: 2026-01-26 09:52 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-01-25 15:02:45 UTC 
In the Linux kernel, the following vulnerability has been resolved:

block: zero non-PI portion of auto integrity buffer

The auto-generated integrity buffer for writes needs to be fully
initialized before being passed to the underlying block device,
otherwise the uninitialized memory can be read back by userspace or
anyone with physical access to the storage device. If protection
information is generated, that portion of the integrity buffer is
already initialized. The integrity data is also zeroed if PI generation
is disabled via sysfs or the PI tuple size is 0. However, this misses
the case where PI is generated and the PI tuple size is nonzero, but the
metadata size is larger than the PI tuple. In this case, the remainder
("opaque") of the metadata is left uninitialized.
Generalize the BLK_INTEGRITY_CSUM_NONE check to cover any case when the
metadata is larger than just the PI tuple.
Comment 1 Alexander B 2026-01-26 09:48:43 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026012536-CVE-2026-23007-38b1@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.