{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-52989/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-28T06:37:43.647Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-52989","@id":"https://www.cve.org/CVERecord?id=CVE-2026-52989","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers\n\nCurrently, when nvmet_tcp_build_pdu_iovec() detects an out-of-bounds\nPDU length or offset, it triggers nvmet_tcp_fatal_error(cmd->queue)\nand returns early. However, because the function returns void, the\ncallers are entirely unaware that a fatal error has occurred and\nthat the cmd->recv_msg.msg_iter was left uninitialized.\n\nCallers such as nvmet_tcp_handle_"},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:6.19:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:6.19:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 046fa5c72d15cd8e2d592e275697ea399d8f76b0, 3df42a854686fa06484e37ac1a3931c8e3e3453c, 5.11, 5.16, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1, c2a11441538bdbbc5aa003f190995eba93a89b88, d7c8f95f599b3b38a717d2e771c3f8c174f657c3, ea8e356acb165cb1fd75537a52e1f66e5e76c538, f9204a2b78dd18374d3bcf9bf93d9021ce22de1b.","timestamp":"2026-06-28T06:37:43.647Z"}]}