CVE-2026-23285

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel where a null-pointer dereference can occur in the drbd request endio() function. This happens when READ COMPLETED WITH ERROR is passed to req mod() with a NULL peer device. The READ COMPLETED WITH ERROR handler then attempts to dereference this NULL peer device within the drbd set out of sync() function, leading to the dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.