SB20260625105 - Improper Validation of Specified Quantity in Input in Linux kernel md driver
Published: June 25, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Validation of Specified Quantity in Input (CVE-ID: CVE-2026-53061)
CWE-ID: CWE-1284 - Improper Validation of Specified Quantity in Input
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause data loss.
The vulnerability exists due to improper state validation in the dm-cache target when resuming a preloaded table in passthrough mode while dirty mappings are present. A local user can preload and resume a crafted dm-cache table configuration to cause data loss.
Exploitation requires local access to device-mapper management and occurs when metadata updates are still ongoing during table preloading.
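The description hinges on dirty mappings being present in a dm-cache device. The script below is an added example, not part of the bulletin or of any vendor tooling: it parses `dmsetup status` output and lists cache targets that report dirty blocks. It assumes the status field order given in the kernel's dm-cache documentation; the sample lines and device names are constructed.

```shell
#!/bin/sh
# Added example, not from the bulletin. Field order follows the dm-cache
# status format in the kernel documentation (assumed for the running kernel).

# Reads `dmsetup status` lines on stdin and prints "<name> <io-mode> <dirty>"
# for each cache target reporting a non-zero dirty block count.
dirty_cache_targets() {
    awk '
    {
        # The target type is field 3, or field 4 after a "name:" prefix.
        t = 0
        for (i = 3; i <= 4 && i <= NF; i++)
            if ($i == "cache") { t = i; break }
        # Skip other targets and short lines such as "cache Fail".
        if (t == 0 || NF < t + 12) next

        name = "-"
        if (t == 4) { name = $1; sub(/:$/, "", name) }

        dirty = $(t + 11)      # <#dirty>
        nfeat = $(t + 12)      # <#features>
        if (dirty !~ /^[0-9]+$/ || nfeat !~ /^[0-9]+$/) next

        mode = "unknown"
        for (j = 1; j <= nfeat && t + 12 + j <= NF; j++) {
            f = $(t + 12 + j)
            if (f == "writeback" || f == "writethrough" || f == "passthrough")
                mode = f
        }
        if (dirty + 0 > 0) print name, mode, dirty
    }'
}

# Constructed sample output (device names and counters are made up).
sample_status() {
    cat <<'EOF'
vg0-fast: 0 41943040 cache 8 72/1024 128 100/16384 500 20 300 10 0 5 12 2 metadata2 writeback 2 migration_threshold 2048 smq 0 rw -
vg0-ro: 0 2097152 cache 8 30/1024 128 50/8192 10 2 0 0 0 0 0 2 metadata2 passthrough 2 migration_threshold 2048 smq 0 rw -
0 2097152 cache 8 30/1024 128 50/8192 10 2 4 1 0 0 3 2 metadata2 writeback 2 migration_threshold 2048 smq 0 rw -
vg0-root: 0 1000 linear 8:2 2048
EOF
}

sample_status | dirty_cache_targets
```

On a live host, pipe `dmsetup status --target cache` into `dirty_cache_targets` instead of the sample.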
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/01b22656d8a68dbeae59f8b80866e7b11936b20a
- https://git.kernel.org/stable/c/12105c7f18375d7615dad7605d89eadae7eb12a6
- https://git.kernel.org/stable/c/1443c32f24d6d8bcdf4beceef2afc09290b98717
- https://git.kernel.org/stable/c/21c503d60a257e54ca3ac58e2721bd24501d5bde
- https://git.kernel.org/stable/c/322586745bd1a0e5f3559fd1635fdeb4dbd1d6b8
- https://git.kernel.org/stable/c/5c98a3f1d7a554c9e920aa31daf92af6b5bbb8cc
- https://git.kernel.org/stable/c/bd5a2c1018938e6b32670728bdb32a3f0efff00f
- https://git.kernel.org/stable/c/c2e86f647561fcf5e1c6eba7d75e9e0c4299c94d