-

CVE-2026-23285

EPSS 0.03%
Veröffentlicht 25.03.2026 10:26:44
Zuletzt bearbeitet 25.03.2026 15:41:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

drbd: fix null-pointer dereference on local read error

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to
__req_mod() with a NULL peer_device:

  __req_mod(req, what, NULL, &m);

The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this
NULL peer_device to drbd_set_out_of_sync(), which dereferences it,
causing a null-pointer dereference.

Fix this by obtaining the peer_device via first_peer_device(device),
matching how drbd_req_destroy() handles the same situation.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 8

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 0d11f3cf279c5ad20a41f29242f170ba3c02f2da

Version < 6f1d1614f841d91a4169db65812ffd1271735b42

Status affected

Version 0d11f3cf279c5ad20a41f29242f170ba3c02f2da

Version < 1e906c08594c8f9a6a524f38ede2c4e051196106

Status affected

Version 0d11f3cf279c5ad20a41f29242f170ba3c02f2da

Version < 4e8935053ba389ae8d6685c10854d8021931bd89

Status affected

Version 0d11f3cf279c5ad20a41f29242f170ba3c02f2da

Version < 91df51d2df0ca4fd3281f73626341563d64a98a5

Status affected

Version 0d11f3cf279c5ad20a41f29242f170ba3c02f2da

Version < 0d195d3b205ca90db30d70d09d7bb6909aac178f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.4

Status affected

Version 0

Version < 6.4

Status unaffected

Version <= 6.6.*

Version 6.6.130

Status unaffected

Version <= 6.12.*

Version 6.12.77

Status unaffected

Version <= 6.18.*

Version 6.18.17

Status unaffected

Version <= 6.19.*

Version 6.19.7

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.072

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42

https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106

https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89

https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5

https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f

https://nvd.nist.gov/vuln/detail/CVE-2026-23285

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23285

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23285

EUVD