CVE-2026-46023
published 2026-05-27CVE-2026-46023: In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log() The argument count calculation in…
high7
In the Linux kernel, the following vulnerability has been resolved:
dm mirror: fix integer overflow in create_dirty_log()
The argument count calculation in create_dirty_log() performs
`*args_used = 2 + param_count` before validating against argc. When a
user provides a param_count close to UINT_MAX via the device mapper
table string, this unsigned addition wraps around to a small value,
causing the subsequent `argc = 2 is already guaranteed, the subtraction is
safe.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux | — | — |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < e5e0ae3237584ebef510366c4cb3d5cc7c22b610 | e5e0ae3237584ebef510366c4cb3d5cc7c22b610 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 249c831183fb806c8e3b14c7c4c1d2fb68cf37fb | 249c831183fb806c8e3b14c7c4c1d2fb68cf37fb |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < ae59b3025609d5a0a39cf5b2b94e2467f6231573 | ae59b3025609d5a0a39cf5b2b94e2467f6231573 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35f6b3281efd44d19110574663bc17a610bc73b9 | 35f6b3281efd44d19110574663bc17a610bc73b9 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 47dad9eea75d33212d3d2cea10e7ed6a1bfc0713 | 47dad9eea75d33212d3d2cea10e7ed6a1bfc0713 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 87c99a50e0fdc68a5b9b52a94d49452cd3ff02ca | 87c99a50e0fdc68a5b9b52a94d49452cd3ff02ca |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 17a08791d428885d00e510864283a7b839792368 | 17a08791d428885d00e510864283a7b839792368 |
| linux | linux | >= 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4c788c6f921b22f9b6c3f316c4a071c05683e7de | 4c788c6f921b22f9b6c3f316c4a071c05683e7de |
| linux | linux_kernel | — | — |