CVE-2026-23285

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd request endio(), READ COMPLETED WITH ERROR is passed to req mod() with a NULL peer device:

req mod(req, what, NULL, &m);

The READ COMPLETED WITH ERROR handler then unconditionally passes this NULL peer device to drbd set out of sync(), which dereferences it, causing a null-pointer dereference.

Fix this by obtaining the peer device via first peer device(device), matching how drbd req destroy() handles the same situation.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23285

Affected Products

Linux

CVE-2026-23285

Related Identifiers

Affected Products

References · 6