779 matches found
CVE-2026-46023
CVE-2026-46023 is a Linux kernel vulnerability in dm-mirror where create_dirty_log() could bypass argc checks due to an unsigned add of 2 + param_count, allowing an out-of-bounds read in argv when param_count is near UINT_MAX. The root cause is an overflow in argument count calculation before val...
CVE-2026-46023
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...
CVE-2026-46023
dm mirror: fix integer overflow in createdirtylog...
PT-2026-43890
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An integer overflow exists in the create dirty log function within the dm mirror component. The calculation args used = 2 + param count occurs before validating against argc. If a user...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: dm integrity: Memory corruption occurs when tagsize is less than digestsize. It is possible to configure dm-integrity in such a way that the tagsize parameter is smaller than the actual digestsize. In this case, a portion of the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm: Clearing the clone request’s bio pointer when the last cloned bio is freed It was observed that stale values of rq-bio could lead to double initialization of cloned bios in request-based device-mapper targets, resulting in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm: A crash occurs if blkallocdisk fails. If blkallocdisk fails, the variable md-disk is set to an error value. cleanupmappeddevice will notice that md-disk is non-NULL and will attempt to access it, resulting in a crash at the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: dm: fixed a NULL pointer race issue when completing IO operations. The dmiodecpending function calls endioacct first, and then decreases the number of pending DMA operations. However, if a task swaps the DM table at the same...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: dm rq: Fixed a double-free of blkmqtagset when removing a device after table loading fails. When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In the dmstats function, check for and propagate the allocpercpu failure. Check the return value of allocprecpu, and return an error from dmstatsinit if it fails. Update allocdev to fail if dmstatsinit does. Otherwise, a NULL...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dm: Fix NULL pointer dereferencing in dmsuspend. There is a race condition between the suspension of the dm device and the loading of data into the table, which can lead to a NULL pointer dereferencing. This issue occurs when the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dm thin: Make getfirstthin use rcu-safe list first function. The documentation in rculist.h explains the absence of listemptyrcu and warns programmers against relying on a sequence of listempty - listfirst in RCU-safe code. This ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dm rq: Do not queue the request to blk-mq during DM suspension. DM uses blk-mq's quiesce/unquiesce to stop/start the device mapper queue. However, blk-mq's unquiesce may be triggered by external events, such as changes in the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dmarraycursorend: Fix to prevent releasing a faulty array block twice when using dmarraycursorend. When dmbmreadlock fails due to locking or checksum errors, it releases the faulty block implicitly, leaving an invalid output...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds acces...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: - dm clone: Fixed a UAF Use-after-Free in clonedtr. - Dmclone also has the same UAF issue when dmresume and dmdestroy are executed concurrently. Therefore, the timer is canceled again in clonedtr...
kernel: Linux kernel: Denial of Service via deadlock in block layer sysfs store callbacks
A flaw was found in the Linux kernel. A local user could exploit a vulnerability where freezing the request queue within certain sysfs store callbacks can lead to a deadlock. This issue may occur when combined with the device-mapper multipath dm-multipath driver and the queueifnopath option, or...
kernel: dm: fix NULL pointer dereference in __dm_suspend()
In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in dmsuspend There is a race condition between dm device suspend and table load that can lead to null pointer dereference. The issue occurs when suspend is invoked before table load completes: BUG...
SUSE CVE-2026-43309
In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...