CVE Catalog

CVE-2026-46023

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to integer overflow in the create_dirty_log() function. It allows bypassing argument validation, leading to out-of-bounds reads on the argv array.

Risk Assessment

This vulnerability may lead to unauthorized memory access, posing a risk to system and data integrity. It could be exploited by an attacker to execute malicious code.

Recommendation

It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed. Additionally, monitor systems for unauthorized activities.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log() The argument count calculation in create_dirty_log() performs `*args_used = 2 + param_count` before validating against argc. When a user provides a param_count close to UINT_MAX via the device mapper table string, this unsigned addition wraps around to a small value, causing the subsequent `argc < *args_used` check to be bypassed. The overflowed param_count is then passed as argc to dm_dirty_log_create(), where it can cause out-of-bounds reads on the argv array. Fix by comparing param_count against argc - 2 before performing the addition, following the same pattern used by parse_features() in the same file. Since argc >= 2 is already guaranteed, the subtraction is safe.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS