HOMEVULNERABILITIESCVE-2026-23390
NONE

CVE-2026-23390

Published: March 25, 2026· Updated: Mar 25, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:3.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow

The dma_map_sg tracepoint can trigger a perf buffer overflow when

tracing large scatter-gather lists. With devices like virtio-gpu

creating large DRM buffers, nents can exceed 1000 entries, resulting

in:

phys_addrs: 1000 * 8 bytes = 8,000 bytes

dma_addrs: 1000 * 8 bytes = 8,000 bytes

lengths: 1000 * 4 bytes = 4,000 bytes

Total: ~20,000 bytes

This exceeds PERF_MAX_TRACE_SIZE (8192 bytes), causing:

WARNING: CPU: 0 PID: 5497 at kernel/trace/trace_event_perf.c:405

perf buffer not large enough, wanted 24620, have 8192

Cap all three dynamic arrays at 128 entries using min() in the array

size calculation. This ensures arrays are only as large as needed

(up to the cap), avoiding unnecessary memory allocation for small

operations while preventing overflow for large ones.

The tracepoint now records the full nents/ents counts and a truncated

flag so users can see when data has been capped.

Changes in v2:

- Use min(nents, DMA_TRACE_MAX_ENTRIES) for dynamic array sizing

instead of fixed DMA_TRACE_MAX_ENTRIES allocation (feedback from

Steven Rostedt)

- This allocates only what's needed up to the cap, avoiding waste

for small operations

Reviwed-by: Sean Anderson <[email protected]>

NVD Source

Technical Analysis

CVE-2026-23390 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (3)

Quick Facts

CVE IDCVE-2026-23390
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMar 25, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-23390 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.