CVE-2026-43163

MEDIUM EPSS 0.6%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
4.7 CVSS 3.1
Medium
Find Similar
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP: 0010:write_page+0x22b/0x3c0 [md_mod] This is a use-after-free race between bitmap_daemon_work() and __bitmap_resize(). The daemon iterates over `bitmap->storage.filemap` without locking, while the resize path frees that storage via md_bitmap_file_unmap(). `quiesce()` does not stop the md thread, allowing concurrent access to freed pages. Fix by holding `mddev->bitmap_info.mutex` during the bitmap update.

CVSS Details

Base Score
4.7
Exploitability
1.0
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
0.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-362

Affected Products 7

VendorProductVersionRange
linuxlinux_kernel*≥3.5  –  <5.10.252
linuxlinux_kernel*≥5.11  –  <5.15.202
linuxlinux_kernel*≥5.16  –  <6.1.165
linuxlinux_kernel*≥6.2  –  <6.6.128
linuxlinux_kernel*≥6.7  –  <6.12.75
linuxlinux_kernel*≥6.13  –  <6.18.16
linuxlinux_kernel*≥6.19  –  <6.19.6

References 8

  • git.kernel.org https://git.kernel.org/stable/c/140cc839fbeb1ddb33a8da8811b716d88d3905b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46ef85f854dfa9d5226b3c1c46493d79556c9589
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f73c8b33df9a605a591eab72d43a969600c1f8c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a6f8cd28bb9bb6ed86a6df19331fb08016dee7f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a437e3bf30e32846079e470c1ba5ee790bccdf89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3af62411e19752c663fe4f424dbf49d95a4cc7c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d92b8fac294b5f915c50e65ce4ae2262e53614ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ebcacc7ca22d5e8a03a970f0621ae1d1356b9ae8
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/140cc839fbeb1ddb33a8da8811b716d88d3905b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/46ef85f854dfa9d5226b3c1c46493d79556c9589
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5f73c8b33df9a605a591eab72d43a969600c1f8c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9a6f8cd28bb9bb6ed86a6df19331fb08016dee7f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a437e3bf30e32846079e470c1ba5ee790bccdf89
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d3af62411e19752c663fe4f424dbf49d95a4cc7c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d92b8fac294b5f915c50e65ce4ae2262e53614ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ebcacc7ca22d5e8a03a970f0621ae1d1356b9ae8
    Patch