CVE-2026-46023

MEDIUM EPSS 3.0%
Published May 27, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log() The argument count calculation in create_dirty_log() performs `*args_used = 2 + param_count` before validating against argc. When a user provides a param_count close to UINT_MAX via the device mapper table string, this unsigned addition wraps around to a small value, causing the subsequent `argc < *args_used` check to be bypassed. The overflowed param_count is then passed as argc to dm_dirty_log_create(), where it can cause out-of-bounds reads on the argv array. Fix by comparing param_count against argc - 2 before performing the addition, following the same pattern used by parse_features() in the same file. Since argc >= 2 is already guaranteed, the subtraction is safe.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 12

VendorProductVersionRange
linuxlinux_kernel*≥2.6.12.1  –  <5.10.258
linuxlinux_kernel*≥5.11  –  <5.15.209
linuxlinux_kernel*≥5.16  –  <6.1.175
linuxlinux_kernel*≥6.2  –  <6.6.140
linuxlinux_kernel*≥6.7  –  <6.12.86
linuxlinux_kernel*≥6.13  –  <6.18.27
linuxlinux_kernel*≥6.19  –  <7.0.4
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/17a08791d428885d00e510864283a7b839792368
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/249c831183fb806c8e3b14c7c4c1d2fb68cf37fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/35f6b3281efd44d19110574663bc17a610bc73b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47dad9eea75d33212d3d2cea10e7ed6a1bfc0713
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4c788c6f921b22f9b6c3f316c4a071c05683e7de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87c99a50e0fdc68a5b9b52a94d49452cd3ff02ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae59b3025609d5a0a39cf5b2b94e2467f6231573
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e5e0ae3237584ebef510366c4cb3d5cc7c22b610
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/17a08791d428885d00e510864283a7b839792368
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/249c831183fb806c8e3b14c7c4c1d2fb68cf37fb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/35f6b3281efd44d19110574663bc17a610bc73b9
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/47dad9eea75d33212d3d2cea10e7ed6a1bfc0713
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4c788c6f921b22f9b6c3f316c4a071c05683e7de
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/87c99a50e0fdc68a5b9b52a94d49452cd3ff02ca
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ae59b3025609d5a0a39cf5b2b94e2467f6231573
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e5e0ae3237584ebef510366c4cb3d5cc7c22b610
    Patch