• Bug
    • Resolution: Duplicate
    • rhel-9.4
    • rhel-9.4
    • libnvme
    • Important
    • sst_storage_io
    • ssg_platform_storage
    • Red Hat Enterprise Linux
    • All

      A number of stack smashing issues were reported across several userspace components that use libnvme, on all distros, across a variety of PCIe NVMe drives.

      As explained in https://github.com/linux-nvme/nvme-cli/pull/2051:

      Since v5.2, the kernel supports direct mapped DMA buffers to userspace.
      Up to this point a bounce buffer was involved. Because the buffers are
      now directly accessed by the device, the rules of alignment also apply
      for the payloads.

      Furthermore, ensure that the buffer is a multiple of 4k, because there
      are devices on the market which will always transfer a multiple of 4k,
      even if we ask for less, e.g. 512 bytes. This avoids stack smashes.

      The work is tracked upstream in https://github.com/linux-nvme/libnvme/issues/684 and https://github.com/linux-nvme/libnvme/issues/728.

      The most important fix to backport in 9.4 is https://github.com/linux-nvme/libnvme/pull/727. This one has been tested by the community on affected drives.

      There are more related fixes that haven't gone through such extensive testing and may not be as important: https://github.com/linux-nvme/libnvme/pull/731

            mlombard@redhat.com Maurizio Lombardi
            tbzatek Tomáš Bžatek
            Maurizio Lombardi
            Yi Zhang
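The buffer rules quoted in the description (aligned payloads, length a multiple of 4k), shown as an added example that is not code from libnvme or nvme-cli. The helper names `dma_padded_len`, `dma_buf_alloc` and `dma_buf_ok` are hypothetical, and page alignment is assumed as the alignment target.

```c
/* Added example (not libnvme code); all helper names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define XFER_GRANULE 4096u /* some devices always transfer a multiple of 4k */

/* Round a requested payload length up to a multiple of 4k; 0 means invalid. */
size_t dma_padded_len(size_t len)
{
    if (len == 0 || len > SIZE_MAX - (XFER_GRANULE - 1))
        return 0;
    return (len + XFER_GRANULE - 1) & ~(size_t)(XFER_GRANULE - 1);
}

/* Zeroed, page-aligned heap buffer sized to the padded length; free() it. */
void *dma_buf_alloc(size_t len, size_t *capacity)
{
    size_t n = dma_padded_len(len);
    long page = sysconf(_SC_PAGESIZE);
    void *p = NULL;
    if (n == 0 || page <= 0 || posix_memalign(&p, (size_t)page, n) != 0)
        return NULL;
    memset(p, 0, n);
    if (capacity) *capacity = n;
    return p;
}

/* 1 if buf is page-aligned and can absorb a full 4k-granular transfer. */
int dma_buf_ok(const void *buf, size_t capacity, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    size_t need = dma_padded_len(len);
    return page > 0 && need != 0 && capacity >= need &&
           (uintptr_t)buf % (uintptr_t)page == 0;
}

int main(void)
{
    unsigned char on_stack[512]; /* the pattern that gets smashed */
    size_t cap = 0;
    void *heap = dma_buf_alloc(sizeof(on_stack), &cap);
    printf("stack 512B ok=%d\n", dma_buf_ok(on_stack, sizeof(on_stack), 512));
    printf("heap %zuB ok=%d\n", cap, heap ? dma_buf_ok(heap, cap, 512) : 0);
    free(heap);
    return 0;
}
```

A check like `dma_buf_ok` can sit in front of any passthrough call in a debug build to flag callers that still pass small stack or unaligned buffers.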