PatchSiren

CVE-2026-46161 Linux CVE debrief

A divide-by-zero vulnerability exists in the Linux kernel's md/raid10 driver within the setup_geo() function. The function extracts near_copies (nc) and far_copies (fc) values from a user-provided layout parameter without validating that these values are non-zero. When fc equals zero and the 'improved' far set layout is selected, the calculation 'geo->far_set_size = disks / fc' triggers a divide-by-zero condition. The fix adds immediate validation of nc and fc after extraction, returning -1 if either value is zero. This vulnerability affects systems using Linux kernel RAID10 configurations where user-controlled layout parameters could be manipulated. The issue was resolved through kernel patches that enforce proper bounds checking on these layout parameters.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-28
Advisory published: 2026-05-28
Advisory updated: 2026-05-28

Who should care

Linux system administrators managing software RAID10 arrays, kernel security teams, and organizations running critical infrastructure on Linux systems with mdadm RAID configurations.

Technical summary

The md/raid10 driver's setup_geo() function in the Linux kernel fails to validate that near_copies and far_copies values extracted from user-provided layout parameters are non-zero. When far_copies equals zero with the improved far set layout selected, a divide-by-zero occurs at 'geo->far_set_size = disks / fc'. The vulnerability is triggered during RAID10 array configuration. The fix implements immediate validation returning -1 for zero values.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches when available for your distribution
  • Validate RAID10 layout parameters in configuration management to prevent zero values for near_copies or far_copies
  • Monitor kernel logs for RAID10 setup failures that may indicate exploitation attempts
  • Review custom RAID10 configurations for potentially malformed layout parameters
  • Update to patched kernel versions once released by distribution maintainers
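
The layout check recommended above can be run in configuration management before a value reaches the kernel. The following is an added example, not code from the kernel patch or from this advisory; it applies the same rule the fix is described as enforcing (reject zero near_copies or far_copies). The bit positions are taken from the upstream md/raid10 layout encoding, which this page does not spell out, and the function name, enum and sample values are constructed for illustration.

```c
#include <stdio.h>

/* Verdicts for a numeric RAID10 layout word (hypothetical names). */
enum layout_verdict {
    LAYOUT_OK = 0,
    LAYOUT_ZERO_COPIES,   /* near_copies or far_copies is 0: what the fix rejects */
    LAYOUT_UNKNOWN_BITS,  /* bits above the far-set selector are set */
    LAYOUT_BAD_FAR_SET    /* far-set selector is not a known mode */
};

struct raid10_layout {
    unsigned near_copies, far_copies, far_offset, far_set_mode;
};

/* Decode and validate. Assumed encoding (upstream md/raid10, not from this page):
 * bits 0-7 near_copies, bits 8-15 far_copies, bit 16 far_offset,
 * bits 17-18 far-set mode (0 original, 1 "improved", 2 fixed "improved"). */
enum layout_verdict check_raid10_layout(unsigned layout, struct raid10_layout *out)
{
    struct raid10_layout l;

    if (layout >> 19)
        return LAYOUT_UNKNOWN_BITS;
    l.near_copies  = layout & 0xff;
    l.far_copies   = (layout >> 8) & 0xff;
    l.far_offset   = (layout >> 16) & 1;
    l.far_set_mode = layout >> 17;
    if (out)
        *out = l;
    /* Checked before the mode is looked at, so no division by fc can follow. */
    if (l.near_copies == 0 || l.far_copies == 0)
        return LAYOUT_ZERO_COPIES;
    if (l.far_set_mode > 2)
        return LAYOUT_BAD_FAR_SET;
    return LAYOUT_OK;
}

int main(void)
{
    /* Constructed sample values, as they might appear in a config inventory. */
    const unsigned samples[] = { 0x102, 0x201, 0x20002, 0x100, 0x60102, 0x80102 };
    const char *names[] = { "ok", "zero copies", "unknown bits", "bad far-set mode" };
    int bad = 0;

    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum layout_verdict v = check_raid10_layout(samples[i], NULL);
        printf("layout 0x%05x: %s\n", samples[i], names[v]);
        bad += (v != LAYOUT_OK);
    }
    return bad ? 1 : 0;  /* non-zero exit lets a pipeline fail the change */
}
```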

Evidence notes

The CVE description confirms a divide-by-zero in md/raid10 setup_geo() when far_copies=0 with the improved far set layout. Five kernel.org stable branch commits are provided as references. NVD status: Awaiting Analysis. No CVSS score has been assigned.
