Skip to main content

Linux EUVDEUVD-2026-15211

| CVE-2026-23285 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-25 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 22, 2026 - 00:22 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15211
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:26 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod() with a NULL peer_device:

__req_mod(req, what, NULL, &m);

The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this NULL peer_device to drbd_set_out_of_sync(), which dereferences it, causing a null-pointer dereference.

Fix this by obtaining the peer_device via first_peer_device(device), matching how drbd_req_destroy() handles the same situation.

AnalysisAI

A null-pointer dereference vulnerability exists in the Linux kernel's DRBD (Distributed Replicated Block Device) subsystem when handling local read errors. When a READ_COMPLETED_WITH_ERROR event occurs in drbd_request_endio(), a NULL peer_device pointer is passed to the __req_mod() function, which then unconditionally dereferences it in drbd_set_out_of_sync(), causing a kernel panic or system crash. This affects all Linux kernel versions with the vulnerable DRBD code, and while not actively exploited in the wild, it can be triggered by a local user or administrator through normal disk I/O error conditions, resulting in denial of service.

Technical ContextAI

The vulnerability resides in the Linux kernel's DRBD (Distributed Replicated Block Device) module, a software-based RAID-1 implementation used for block-level replication across networked systems. The root cause is a classic null-pointer dereference (CWE-476) in the request completion path. Specifically, when drbd_request_endio() handles READ_COMPLETED_WITH_ERROR events, it invokes __req_mod(req, READ_COMPLETED_WITH_ERROR, NULL, &m) with a NULL peer_device parameter. The READ_COMPLETED_WITH_ERROR handler then calls drbd_set_out_of_sync(device, sector_nr, size, peer_device) without validating the peer_device pointer, assuming it is valid. The fix normalizes this behavior by obtaining the peer_device via first_peer_device(device), mirroring the safe approach already used in drbd_req_destroy(). The affected CPE entries (cpe:2.3:a:linux:linux) confirm this impacts the Linux kernel across distributions.

RemediationAI

Apply the Linux kernel security patch by upgrading to a patched kernel version that includes one of the five committed fixes available at https://git.kernel.org/stable/. Most distributions will include this fix in their next kernel update; check your distribution's security advisory and kernel repository for availability. For immediate protection, disable DRBD replication or remove the DRBD module if not actively in use, though this eliminates high-availability functionality. Alternatively, configure monitoring and automated restart mechanisms to detect and recover from kernel panics caused by this issue until patching is feasible. Prioritize patching for any production systems relying on DRBD for storage replication.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15211 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy