Integer underflow in Linux kernel - CVE-2026-46050
Published: May 28, 2026
Vulnerability identifier: #VU132441
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46050
CWE-ID: CWE-191
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an integer underflow in the md/raid10 request handling logic when processing nowait I/O requests during an array check operation. A local user can issue nowait I/O on the same array while a check operation is running to cause a denial of service.
The issue can cause the md resync thread and other requests to become stuck waiting on the barrier state.
How to mitigate CVE-2026-46050
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/1cdff2937c618f81058422bbdc4974a3e7ec9379
- https://git.kernel.org/stable/c/42fe37c90184cd1568838b84b488934c3671c963
- https://git.kernel.org/stable/c/7d96f3120a7fb7210d21b520c5b6f495da6ba436
- https://git.kernel.org/stable/c/965d6162dd88cc7cc193cf7f5bfc132d8bbf0523
- https://git.kernel.org/stable/c/cac2106bb9a2180b288079b49ed626414fb5bc45