CVE-2026-23390
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
25/03/2026
Last modified:
25/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow

The dma_map_sg tracepoint can trigger a perf buffer overflow when
tracing large scatter-gather lists. With devices like virtio-gpu
creating large DRM buffers, nents can exceed 1000 entries, resulting
in:

phys_addrs: 1000 * 8 bytes = 8,000 bytes
dma_addrs: 1000 * 8 bytes = 8,000 bytes
lengths: 1000 * 4 bytes = 4,000 bytes
Total: ~20,000 bytes

This exceeds PERF_MAX_TRACE_SIZE (8192 bytes), causing:

WARNING: CPU: 0 PID: 5497 at kernel/trace/trace_event_perf.c:405
perf buffer not large enough, wanted 24620, have 8192

Cap all three dynamic arrays at 128 entries using min() in the array
size calculation. This ensures arrays are only as large as needed
(up to the cap), avoiding unnecessary memory allocation for small
operations while preventing overflow for large ones.

The tracepoint now records the full nents/ents counts and a truncated
flag so users can see when data has been capped.

Changes in v2:
- Use min(nents, DMA_TRACE_MAX_ENTRIES) for dynamic array sizing
  instead of fixed DMA_TRACE_MAX_ENTRIES allocation (feedback from
  Steven Rostedt)
- This allocates only what's needed up to the cap, avoiding waste
  for small operations

Reviewed-by: Sean Anderson
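
The capping scheme described above, modelled in user space as an added example; it is not the kernel patch or code from this advisory. The header layout (struct sg_hdr), the function names and the sample addresses are assumptions; only the 8/8/4-byte entry sizes, PERF_MAX_TRACE_SIZE and the 128-entry cap come from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PERF_MAX_TRACE_SIZE   8192  /* limit quoted in the description */
#define DMA_TRACE_MAX_ENTRIES 128   /* cap quoted in the description */
#define SAMPLE_MAX            1000  /* size of the constructed sample list */

struct sg_hdr { uint32_t nents, stored, truncated; };  /* hypothetical layout */
struct sg_result { long used; struct sg_hdr hdr; };

/* Pack at most `cap` entries into buf; returns bytes used, or -1 if too big. */
long sg_trace_pack(uint8_t *buf, size_t size, const uint64_t *phys,
                   const uint64_t *dma, const uint32_t *len, size_t nents, size_t cap)
{
    size_t n = nents < cap ? nents : cap;                 /* min(nents, cap) */
    struct sg_hdr h = { (uint32_t)nents, (uint32_t)n, nents > cap };
    if (size < sizeof(h) || n > (size - sizeof(h)) / 20)  /* 8 + 8 + 4 bytes per entry */
        return -1;
    memcpy(buf, &h, sizeof(h));                    /* full count + truncated flag */
    memcpy(buf + sizeof(h), phys, n * 8);          /* phys_addrs */
    memcpy(buf + sizeof(h) + n * 8, dma, n * 8);   /* dma_addrs */
    memcpy(buf + sizeof(h) + n * 16, len, n * 4);  /* lengths */
    return (long)(sizeof(h) + n * 20);
}

/* Build a constructed list of nents entries (at most SAMPLE_MAX) and pack it. */
struct sg_result sg_demo(size_t nents, size_t cap)
{
    static uint64_t phys[SAMPLE_MAX], dma[SAMPLE_MAX];
    static uint32_t len[SAMPLE_MAX];
    uint8_t buf[PERF_MAX_TRACE_SIZE];
    struct sg_result r = { -1, { 0, 0, 0 } };
    for (size_t i = 0; i < nents && i < SAMPLE_MAX; i++) {
        phys[i] = dma[i] = 0x100000 + i * 4096;   /* constructed addresses */
        len[i] = 4096;
    }
    if (nents <= SAMPLE_MAX)
        r.used = sg_trace_pack(buf, sizeof(buf), phys, dma, len, nents, cap);
    if (r.used > 0)
        memcpy(&r.hdr, buf, sizeof(r.hdr));       /* read back what was recorded */
    return r;
}

int main(void)
{
    struct sg_result r = sg_demo(1000, DMA_TRACE_MAX_ENTRIES);
    printf("uncapped=%ld capped=%ld truncated=%u\n", sg_demo(1000, SIZE_MAX).used, r.used, r.hdr.truncated);
    return 0;
}
```

Passing SIZE_MAX as the cap reproduces the uncapped sizing, which is rejected for 1000 entries; with the 128-entry cap the same list fits and the header still reports nents as 1000 with the truncated flag set.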



