CVE-2026-46023
Published: May 27, 2026
Modified: Jun 1, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log() The argument count calculation in create_dirty_log() performs `*args_used = 2 + param_count` before validating against argc. When a user provides a param_count close to UINT_MAX via the device mapper table string, this unsigned addition wraps around to a small value, causing the subsequent `argc < *args_used` check to be bypassed. The overflowed param_count is then passed as argc to dm_dirty_log_create(), where it can cause out-of-bounds reads on the argv array. Fix by comparing param_count against argc - 2 before performing the addition, following the same pattern used by parse_features() in the same file. Since argc >= 2 is already guaranteed, the subtraction is safe.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < e5e0ae3237584ebef510366c4cb3d5cc7c22b610affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 249c831183fb806c8e3b14c7c4c1d2fb68cf37fbaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < ae59b3025609d5a0a39cf5b2b94e2467f6231573affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 35f6b3281efd44d19110574663bc17a610bc73b9affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 47dad9eea75d33212d3d2cea10e7ed6a1bfc0713+3 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now