Linux Kernel OMAP Crypto: Incorrect Scatterlist Allocation
CVE-2026-23222 Published on February 18, 2026
crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
In the Linux kernel, the following vulnerability has been resolved:
crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
The existing allocation of scatterlists in omap_crypto_copy_sg_lists()
was allocating an array of scatterlist pointers, not scatterlist objects,
resulting in a 4x too small allocation.
Use sizeof(*new_sg) to get the correct object size.
Products Associated with CVE-2026-23222
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below 953c81941b0ad373674656b8767c00234ebf17ac is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below 31aff96a41ae6f1f1687c065607875a27c364da8 is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below 79f95b51d4278044013672c27519ae88d07013d8 is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below 6edf8df4bd29f7bfd245b67b2c31d905f1cfc14b is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below c184341920ed78b6466360ed7b45b8922586c38f is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below 2ed27b5a1174351148c3adbfc0cd86d54072ba2e is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below d1836c628cb72734eb5f7dfd4c996a9c18bba3ad is affected.
- Version 74ed87e7e7f7197137164738dd0610ccd5ec5ed1 and below 1562b1fb7e17c1b3addb15e125c718b2be7f5512 is affected.
- Version 4.13 is affected.
- Before 4.13 is unaffected.
- Version 5.10.251, <= 5.10.* is unaffected.
- Version 5.15.201, <= 5.15.* is unaffected.
- Version 6.1.164, <= 6.1.* is unaffected.
- Version 6.6.125, <= 6.6.* is unaffected.
- Version 6.12.72, <= 6.12.* is unaffected.
- Version 6.18.11, <= 6.18.* is unaffected.
- Version 6.19.1, <= 6.19.* is unaffected.
- Version 7.0-rc1, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.