CVE-2026-46051

A flaw was found in the Linux kernel's md/raid5 component. When the retryalignedread function encounters an overlapped stripe, an issue in how stripes are released and processed can lead to an infinite loop. This prevents the system from resolving the overlap, resulting in a soft lockup and a...

CVE-2026-46070

A flaw was found in the Linux kernel's md/raid5 component. This vulnerability arises from insufficient validation of payload sizes within journal metadata blocks. A local attacker can exploit this by providing a corrupted journal, leading to out-of-bounds reads when the system processes payload...

CVE-2026-46070

In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5crecoveryanalyzemetablock and r5lrecoveryverifydatachecksumformb iterate over payloads in a journal metadata block using on-disk payload size fields without...

UBUNTU-CVE-2026-45953

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix IO hang with degraded array with llbitmap When llbitmap bit state is still unwritten, any new write should force rcw, as bitmapops-blockssynced is checked in handlestripedirtying. However, later the same check is...

CVE-2026-46070

CVE-2026-46070 pertains to the Linux kernel md/raid5 path where journal metadata blocks could be overrun due to missing validation of on-disk payload sizes. r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_checksum_for_mb() may read or offset beyond a page boundary when payload size...

CVE-2026-46070

In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5crecoveryanalyzemetablock and r5lrecoveryverifydatachecksumformb iterate over payloads in a journal metadata block using on-disk payload size fields without...

CVE-2026-46051

The CVE-2026-46051 entry concerns the Linux kernel md/raid5 layer. It fixes a soft lockup in retry_aligned_read() when encountering an overlapped stripe. The bug occurs because a stripe released via raid5_release_stripe() enters the released_stripes list, and in the next raid5d loop, release_stri...

CVE-2026-45953

The CVE affects the Linux kernel md/raid5, where an IO hang can occur on degraded arrays using llbitmap. Root cause: the check bitmap_ops->blocks_synced() is present in handle_stripe_dirtying() but is missing in need_this_block(), causing stripe handling to deadlock as handle_stripe() routes t...

Linux Distros Unpatched Vulnerability : CVE-2026-46051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid5: fix soft lockup in retryalignedread When retryalignedread encounters an overlapped stripe, it releases the stripe via raid5releasestripe which puts it...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: md/raid5: Unnecessary bioput calls in raid5readonechunk have been removed. When performing chunk-sized reads on disks with badblocks, it was observed that calls to biofree and bioput were duplicated...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d wait for itself to clear MDSBCHANGEPENDING Xiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with small possibility, the root cause is exactly the same as commit bed9e27baf52...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix a deadlock in r5lexitlog Commit b13015af94cf "md/raid5-cache: Clear conf-log after finishing work" introduce a new problem: // caller hold reconfigmutex r5lexitlog flushwork&log-disablewritebackwork...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004840)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004840 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers:md:fix a potential use-after-free bug In line 2884, raid5releasestripesh %NASLMINLEVEL...

SUSE CVE-2025-71135

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

CVE-2025-71135

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

UBUNTU-CVE-2025-71135

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

CVE-2025-71135

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

CVE-2025-71135

In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt The variable mddev-private is first assigned to conf and then checked: conf = mddev-private; if !conf ... If conf is NULL, then mddev-private is also...

MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.8.el7.AXS7 (AXSA:2025-9625:10)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9625:10 advisory. media: edia: dvbdev: fix a use-after-free CVE-2024-27043 btrfs: dev-replace: properly validate device names CVE-2024-26791 KVM: nSVM: Ignore nCR34:0...