Integer overflow in Linux kernel - CVE-2026-46023
Published: May 28, 2026
Vulnerability identifier: #VU132473
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46023
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to integer overflow in create_dirty_log() when parsing a device mapper table string. A local user can supply a crafted param_count value to trigger out-of-bounds reads on the argv array to disclose sensitive information.
How to mitigate CVE-2026-46023
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/17a08791d428885d00e510864283a7b839792368
- https://git.kernel.org/stable/c/35f6b3281efd44d19110574663bc17a610bc73b9
- https://git.kernel.org/stable/c/47dad9eea75d33212d3d2cea10e7ed6a1bfc0713
- https://git.kernel.org/stable/c/4c788c6f921b22f9b6c3f316c4a071c05683e7de
- https://git.kernel.org/stable/c/87c99a50e0fdc68a5b9b52a94d49452cd3ff02ca