SB2026061073 - Out-of-bounds write in Linux kernel md driver
Published: June 10, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-46294)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to cause a buffer overflow.
The vulnerability exists due to a buffer overflow in dm-ioctl retrieve_status when processing device mapper ioctl output buffers. A local privileged user can supply a crafted buffer layout to cause a buffer overflow.
Exploitation requires issuing device mapper ioctls, and the issue does not occur accidentally with commonly used libraries because they use 8-byte-aligned buffer sizes.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2fa49cc884f6496a915c35621ba4da35649bf159
- https://git.kernel.org/stable/c/448ee8fb79c26a26599ffa4b2adeb4322d3d3d8c
- https://git.kernel.org/stable/c/526ff9126a0ae087b65726e1faf31114c718020d
- https://git.kernel.org/stable/c/5af6a879e915ae7bcd83695c316ebb32e1c61bc2
- https://git.kernel.org/stable/c/8daa6c708ef524089ae43f2aed9190acb26d7df8
- https://git.kernel.org/stable/c/c8c5311237448f6ffeecc9aec2362e3692623668
- https://git.kernel.org/stable/c/d271631023cbe1cbe7c31a0275ab797883be6e0a
- https://git.kernel.org/stable/c/f0b0b09d9840838ae77ccdd6a62de0daef4e6e0a