CVE-2026-23285 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference8 documents7 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedMar 25

Description

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod() with a NULL peer_device: __req_mod(req, what, NULL, &m); The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this NULL peer_device to drbd_set_out_of_sync(), which dereferences it, causing a null-pointer dereference. Fix this by obtaining the peer_device via first_peer_device(devic…

Affected Packages5 packages

▶Linuxlinux/linux_kernel6.4.0 — 6.6.130+3

▶Debianlinux/linux_kernel< 6.19.8-1

▶msrcmsrc/azl3_kernel_6.6.126.1-1_on_azure_linux_3.0

▶CVEListV5linux/linux0d11f3cf279c5ad20a41f29242f170ba3c02f2da — 6f1d1614f841d91a4169db65812ffd1271735b42+5

▶debiandebian/linux< linux 6.19.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-h6wj-6663-2gvh: In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbd_request_endio(),↗2026-03-25

▶

OSV

CVE-2026-23285: In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbd_request_endio(), RE↗2026-03-25

▶

OSV

drbd: fix null-pointer dereference on local read error↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: drbd: fix null-pointer dereference on local read error↗2026-03-25

▶

Microsoft

drbd: fix null-pointer dereference on local read error↗2026-03-10

▶

Debian

CVE-2026-23285: linux - In the Linux kernel, the following vulnerability has been resolved: drbd: fix n...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23285 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶