CVE-2026-23007

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> block: zero non-PI portion of auto integrity buffer<br /> <br /> The auto-generated integrity buffer for writes needs to be fully<br /> initialized before being passed to the underlying block device,<br /> otherwise the uninitialized memory can be read back by userspace or<br /> anyone with physical access to the storage device. If protection<br /> information is generated, that portion of the integrity buffer is<br /> already initialized. The integrity data is also zeroed if PI generation<br /> is disabled via sysfs or the PI tuple size is 0. However, this misses<br /> the case where PI is generated and the PI tuple size is nonzero, but the<br /> metadata size is larger than the PI tuple. In this case, the remainder<br /> ("opaque") of the metadata is left uninitialized.<br /> Generalize the BLK_INTEGRITY_CSUM_NONE check to cover any case when the<br /> metadata is larger than just the PI tuple.