SB2026052860 - Integer overflow in Linux kernel md driver
Published: May 28, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Integer overflow (CVE-ID: CVE-2026-46023)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an integer overflow in create_dirty_log() when parsing a device mapper table string. A local user can supply a crafted param_count value to trigger out-of-bounds reads on the argv array and disclose sensitive information.
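The class of check described above, as an added userspace model that is not the kernel's code or the upstream fix: an argument count taken from the table string is added to a fixed header size before being compared with argc. The header size of 2 and both function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption for illustration: fixed leading arguments before the parameters. */
#define LOG_HDR_ARGS 2u

/* Unchecked form: LOG_HDR_ARGS + param_count wraps modulo 2^32, so a very
 * large param_count yields a small total that passes the argc comparison
 * even though argv does not hold that many entries. */
static bool log_args_ok_unchecked(unsigned int argc, unsigned int param_count,
                                  unsigned int *args_used)
{
    *args_used = LOG_HDR_ARGS + param_count;   /* may wrap */
    return argc >= *args_used;
}

/* Hardened form: compare param_count with what is left in argv before
 * doing any addition, so no intermediate value can wrap. */
static bool log_args_ok_checked(unsigned int argc, unsigned int param_count,
                                unsigned int *args_used)
{
    if (argc < LOG_HDR_ARGS || param_count > argc - LOG_HDR_ARGS)
        return false;
    *args_used = LOG_HDR_ARGS + param_count;
    return true;
}

int main(void)
{
    /* Constructed inputs: a 4-token argv and three claimed parameter counts. */
    const unsigned int argc = 4, counts[] = { 1, 3, UINT_MAX };

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        unsigned int u = 0, c = 0;
        bool a = log_args_ok_unchecked(argc, counts[i], &u);
        bool b = log_args_ok_checked(argc, counts[i], &c);
        printf("param_count=%u unchecked=%s (args_used=%u) checked=%s\n",
               counts[i], a ? "accept" : "reject", u, b ? "accept" : "reject");
    }
    return 0;
}
```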
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/17a08791d428885d00e510864283a7b839792368
- https://git.kernel.org/stable/c/35f6b3281efd44d19110574663bc17a610bc73b9
- https://git.kernel.org/stable/c/47dad9eea75d33212d3d2cea10e7ed6a1bfc0713
- https://git.kernel.org/stable/c/4c788c6f921b22f9b6c3f316c4a071c05683e7de
- https://git.kernel.org/stable/c/87c99a50e0fdc68a5b9b52a94d49452cd3ff02ca