Skip to main content

Linux Kernel DLM CVE-2026-43125

| EUVDEUVD-2026-27688 CRITICAL
Out-of-bounds Write (CWE-787)
2026-05-06 Linux GHSA-fr2c-799q-pg3x
9.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
7.0 HIGH
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:29 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
9.8 (CRITICAL)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
CRITICAL 9.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

dlm: validate length in dlm_search_rsb_tree

The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree().

Add length validation to prevent potential buffer overflow.

AnalysisAI

Remote unauthenticated attackers can cause critical out-of-bounds writes in the Linux kernel's Distributed Lock Manager (DLM) subsystem by sending malformed network messages with unvalidated length parameters to dlm_dump_rsb_name(). When the length exceeds DLM_RESNAME_MAXLEN, dlm_search_rsb_tree() writes beyond allocated buffers, enabling arbitrary code execution, denial of service, or information disclosure. Patches available for kernel versions 6.12.75, 6.18.16, 6.19.6, and 7.0. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit or active exploitation has been identified at time of analysis, despite the critical CVSS 9.8 score.

Technical ContextAI

The Distributed Lock Manager (DLM) in the Linux kernel coordinates cluster-wide resource locking across networked nodes. The vulnerability exists in dlm_search_rsb_tree(), a function that searches the resource name tree structure. The function receives a length parameter from dlm_dump_rsb_name() that originates from untrusted network messages. Without input validation, an attacker-controlled length value exceeding DLM_RESNAME_MAXLEN (the maximum resource name length constant) triggers a classic buffer overflow (CWE-120 class). This occurs during resource name copying or comparison operations where the kernel writes beyond the allocated buffer boundaries. The DLM subsystem processes network messages without requiring prior authentication, making this a network-reachable attack surface. The affected code path has existed since the initial DLM implementation (commit 1da177e4c3f4), indicating a long-standing issue across nearly all kernel versions supporting DLM functionality.

RemediationAI

Upgrade to patched kernel versions: 6.12.75, 6.18.16, 6.19.6, or 7.0 or later, depending on your distribution's kernel branch. Distribution-specific updates should be applied through standard package management (yum/dnf for RHEL/CentOS, apt for Debian/Ubuntu, zypper for SUSE). Kernel updates require system reboot to take effect. Patch commit references are available at https://git.kernel.org/stable/c/67288113c5e6cf9e659b4065c0ed6f16100e0c71 and related stable branch commits. For systems where immediate patching is not feasible, implement compensating controls: disable the DLM kernel module (modprobe -r dlm) if clustering functionality is not required, though this will break clustered filesystem operations; restrict network access to DLM ports (TCP 21064 default) using firewall rules to allow only trusted cluster node IP addresses, which reduces attack surface but does not eliminate risk from compromised cluster members; isolate cluster management networks on dedicated VLANs without internet connectivity. Note that disabling DLM will cause clustered filesystems to fail and should only be done on non-clustered systems. Network isolation is the most practical temporary mitigation for production clusters pending maintenance windows.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43125 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy