Linux CVE-2026-46023

EUVD-2026-32404 | 2026-05-27 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | GHSA-f54w-pgr9-9wv8

Lifecycle Timeline

Patch available: May 27, 2026 - 19:46 (EUVD)
CVE Published: May 27, 2026 - 14:17 (nvd)
Severity: UNKNOWN (no severity yet)

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

dm mirror: fix integer overflow in create_dirty_log()

The argument count calculation in create_dirty_log() performs *args_used = 2 + param_count before validating against argc. When a user provides a param_count close to UINT_MAX via the device mapper table string, this unsigned addition wraps around to a small value, causing the subsequent argc < *args_used check to be bypassed.

The overflowed param_count is then passed as argc to dm_dirty_log_create(), where it can cause out-of-bounds reads on the argv array.

Fix by comparing param_count against argc - 2 before performing the addition, following the same pattern used by parse_features() in the same file. Since argc >= 2 is already guaranteed, the subtraction is safe.
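
The two orderings of the bounds check described above, side by side, as an added example (not the kernel's code). The function names and the sample argc and param_count values are constructed for illustration; only the arithmetic follows the description.

```c
#include <limits.h>
#include <stdio.h>

/* Ordering described as vulnerable: add first, then compare against argc.
 * Returns 0 when the arguments are accepted, -1 when rejected. */
static int check_add_then_compare(unsigned argc, unsigned param_count,
                                  unsigned *args_used)
{
    *args_used = 2 + param_count;   /* wraps when param_count > UINT_MAX - 2 */
    if (argc < *args_used)
        return -1;
    return 0;
}

/* Ordering described as the fix: compare against argc - 2, then add.
 * Assumes the caller already guarantees argc >= 2, so argc - 2 cannot wrap. */
static int check_compare_then_add(unsigned argc, unsigned param_count,
                                  unsigned *args_used)
{
    if (param_count > argc - 2)
        return -1;
    *args_used = 2 + param_count;   /* now bounded by argc, cannot wrap */
    return 0;
}

int main(void)
{
    const unsigned argc = 4;        /* constructed sample value */
    const unsigned counts[] = { 2, 3, UINT_MAX - 1, UINT_MAX };

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        unsigned before_used = 0, after_used = 0;
        int before = check_add_then_compare(argc, counts[i], &before_used);
        int after = check_compare_then_add(argc, counts[i], &after_used);

        /* A row where "before" accepts and "after" rejects is the wrapped case. */
        printf("param_count=%u before=%s (args_used=%u) after=%s\n",
               counts[i], before ? "reject" : "accept", before_used,
               after ? "reject" : "accept");
    }
    return 0;
}
```
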
