Vulnerability DatabaseCVE-2026-23174

CVE-2026-23174:
Linux Debian vulnerability analysis and mitigation

In the Linux kernel, the following vulnerability has been resolved:

nvme-pci: handle changing device dma map requirements

The initial state of dma_needs_unmap may be false, but change to true while mapping the data iterator. Enabling swiotlb is one such case that can change the result. The nvme driver needs to save the mapped dma vectors to be unmapped later, so allocate as needed during iteration rather than assume it was always allocated at the beginning. This fixes a NULL dereference from accessing an uninitialized dma_vecs when the device dma unmapping requirements change mid-iteration.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

Published February 14, 2026

CNA Score N/A

Affected Technologies

Linux Debian
Linux Ubuntu

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 7.2

Exploitation Probability (EPSS) N/A

Affected packages and libraries

linux-aws
linux-aws-6.17

Sources

NVD
Debian Security Tracker
- Debian 14 Has FixAdded at: Feb 15, 2026
Ubuntu Security Tracker
- Ubuntu 16.04, 18.04, 20.04 Severity MEDIUMNo FixAdded at: Feb 16, 2026
- Ubuntu 24.04, 25.10 Severity MEDIUMNo FixAdded at: Feb 18, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Linux Debian vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-41445	HIGH	8.7	Linux Debian	kissfft	No	No	Apr 20, 2026
CVE-2026-28684	MEDIUM	6.6	Linux Debian	python-dotenv	No	No	Apr 20, 2026
CVE-2026-6654	MEDIUM	5.1	Rust	thin-vec	No	Yes	Apr 20, 2026
CVE-2026-3219	MEDIUM	4.6	Linux Debian	python-pip	No	No	Apr 20, 2026
CVE-2026-5958	LOW	2.1	Linux Debian	sed	No	No	Apr 20, 2026