SB20260325170 - NULL Pointer Dereference in Linux kernel block drbd driver
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL Pointer Dereference (CVE-ID: CVE-2026-23285)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the DRBD (Distributed Replicated Block Device) component when handling a local read error. A local user can trigger a specially crafted I/O operation to cause a denial of service.
Exploitation requires access to the DRBD subsystem and the ability to initiate block device I/O operations.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f
- https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106
- https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89
- https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42
- https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5