CVE-2026-46023 Linux CVE debrief

Who should care

Linux system administrators using device mapper mirroring (dm-mirror); security teams monitoring kernel memory safety vulnerabilities; organizations with strict privilege separation requirements for storage subsystem configuration

Technical summary

The create_dirty_log() function in drivers/md/dm-mirror.c calculates *args_used = 2 + param_count before validating param_count against argc. With param_count near UINT_MAX, unsigned integer wraparound produces a small *args_used value, causing the argc < *args_used check to pass incorrectly. The overflowed param_count propagates to dm_dirty_log_create() as argc, leading to out-of-bounds argv array access. The fix reorders validation: param_count is checked against argc - 2 (safe since argc >= 2 is guaranteed) before the addition, preventing the overflow condition.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates from stable branches when available (commits referenced in sourceItem metadata)
• Restrict device mapper configuration privileges to trusted administrative accounts
• Monitor for unusual device mapper table configurations in audit logs
• Validate that systems using dm-mirror are running patched kernel versions

Evidence notes

CVE published 2026-05-27. Kernel.org stable branch commits provided as references. No CVSS score assigned by NVD at time of disclosure; status 'Awaiting Analysis'. Vendor identified as Kernel with low confidence per source metadata.

Official resources