Skip to main content

Linux Kernel CVE-2026-46161

| EUVDEUVD-2026-32788 MEDIUM
Divide By Zero (CWE-369)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-fx5x-q37w-xxvr
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 21:09 vuln.today
CVSS changed
Jun 09, 2026 - 21:07 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

setup_geo() extracts near_copies (nc) and far_copies (fc) from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout selected, 'geo->far_set_size = disks / fc' triggers a divide-by-zero.

Validate nc and fc immediately after extraction, returning -1 if either is zero.

AnalysisAI

Divide-by-zero in the Linux kernel's md/raid10 subsystem allows a local authenticated user to crash the kernel by supplying a zero far_copies value when configuring a RAID10 array with the 'improved' far set layout. The affected function setup_geo() performs the division geo->far_set_size = disks / fc without first validating that fc is non-zero, triggering a kernel oops or panic and producing a high availability impact. EPSS is 0.02% (5th percentile) and this CVE is not listed in CISA KEV, consistent with the local-only, configuration-specific attack vector and no public exploit identified at time of analysis.

Technical ContextAI

The vulnerability resides in the md (Multiple Devices) RAID subsystem of the Linux kernel, specifically the RAID10 driver (drivers/md/raid10.c). RAID10 supports 'near,' 'far,' and 'offset' layouts; the 'improved' far set mode divides the disk set using far_copies as a divisor to compute geo->far_set_size. The setup_geo() function extracts near_copies (nc) and far_copies (fc) from a caller-supplied layout integer without any zero-value guard. CWE-369 (Divide By Zero) applies precisely: when fc=0 is provided with the improved far layout path selected, the kernel executes an integer divide-by-zero in ring 0, typically manifesting as a kernel oops or hard panic depending on the kernel build configuration. The vulnerable code was introduced with commit 475901aff15841fb0a81e7546517407779a9b061 in Linux 3.9, placing the affected range from 3.9 onward across all architectures as confirmed by CPE cpe:2.3:o:linux:linux_kernel. The fix adds immediate validation of nc and fc after extraction, returning -1 on zero to abort the configuration before the division is reached.

RemediationAI

Upgrade to a patched kernel release: Linux 6.6.140, 6.12.88, 7.0.7, or 6.18.30 for supported stable branches, or 7.1-rc2 for mainline. Stable-tree patches are publicly available at https://git.kernel.org/stable/c/4af2e558e6fdfb972c61350653fd55d1f62b60a5 and related commits for each branch. Distribution kernel maintainers (RHEL, Debian, Ubuntu, SUSE) should be consulted for backported packages, as vendor kernels may ship independent fixes on different version numbering. If patching is not immediately feasible, restrict access to RAID configuration tooling: apply Linux DAC controls to limit mdadm execution to root-only (chmod 700 /sbin/mdadm) or enforce MAC policies (SELinux, AppArmor) that prevent unprivileged users from opening /dev/md* devices. Note that restricting mdadm access will block legitimate non-root storage administration workflows and should be evaluated against operational requirements.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-46161 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy