CVE-2026-43163
Published: May 6, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP: 0010:write_page+0x22b/0x3c0 [md_mod] This is a use-after-free race between bitmap_daemon_work() and __bitmap_resize(). The daemon iterates over `bitmap->storage.filemap` without locking, while the resize path frees that storage via md_bitmap_file_unmap(). `quiesce()` does not stop the md thread, allowing concurrent access to freed pages. Fix by holding `mddev->bitmap_info.mutex` during the bitmap update.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected d60b479d177a5735b6b4db6ee5280ef6653f50e7 - < 140cc839fbeb1ddb33a8da8811b716d88d3905b7affected d60b479d177a5735b6b4db6ee5280ef6653f50e7 - < ebcacc7ca22d5e8a03a970f0621ae1d1356b9ae8affected d60b479d177a5735b6b4db6ee5280ef6653f50e7 - < d3af62411e19752c663fe4f424dbf49d95a4cc7caffected d60b479d177a5735b6b4db6ee5280ef6653f50e7 - < d92b8fac294b5f915c50e65ce4ae2262e53614ecaffected d60b479d177a5735b6b4db6ee5280ef6653f50e7 - < a437e3bf30e32846079e470c1ba5ee790bccdf89+3 more versions |
Linux | Linux | affected 3.5unaffected 0 - < 3.5unaffected 5.10.252 - <= 5.10.*unaffected 5.15.202 - <= 5.15.*unaffected 6.1.165 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now