CVE-2026-46161
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that leads to a divide-by-zero error in the setup_geo() function when the far_copies parameter is zero. This issue has been resolved by implementing validation of nc and fc values after extraction.
Risk Assessment
This vulnerability may lead to system crashes or unexpected behavior, impacting the stability and availability of services within the organization. Specifically, exploitation of this flaw could result in downtime for RAID 10 systems.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability. Additionally, monitoring RAID configurations for correctness is advisable.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies setup_geo() extracts near_copies (nc) and far_copies (fc) from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout selected, 'geo->far_set_size = disks / fc' triggers a divide-by-zero. Validate nc and fc immediately after extraction, returning -1 if either is zero.

