HOMEVULNERABILITIESCVE-2026-23148
NONE

CVE-2026-23148

Published: February 14, 2026· Updated: Feb 18, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:3.7th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference

There is a race condition in nvmet_bio_done() that can cause a NULL

pointer dereference in blk_cgroup_bio_start():

1. nvmet_bio_done() is called when a bio completes

2. nvmet_req_complete() is called, which invokes req->ops->queue_response(req)

3. The queue_response callback can re-queue and re-submit the same request

4. The re-submission reuses the same inline_bio from nvmet_req

5. Meanwhile, nvmet_req_bio_put() (called after nvmet_req_complete)

invokes bio_uninit() for inline_bio, which sets bio->bi_blkg to NULL

6. The re-submitted bio enters submit_bio_noacct_nocheck()

7. blk_cgroup_bio_start() dereferences bio->bi_blkg, causing a crash:

BUG: kernel NULL pointer dereference, address: 0000000000000028

#PF: supervisor read access in kernel mode

RIP: 0010:blk_cgroup_bio_start+0x10/0xd0

Call Trace:

submit_bio_noacct_nocheck+0x44/0x250

nvmet_bdev_execute_rw+0x254/0x370 [nvmet]

process_one_work+0x193/0x3c0

worker_thread+0x281/0x3a0

Fix this by reordering nvmet_bio_done() to call nvmet_req_bio_put()

BEFORE nvmet_req_complete(). This ensures the bio is cleaned up before

the request can be re-submitted, preventing the race condition.

NVD Source

Technical Analysis

CVE-2026-23148 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-23148
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 14, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23148 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.