CVE-2026-46070

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1

Description An issue exists in the md/raid5 component where the functions r5c recovery analyze meta block() and r5l recovery verify data checksum for mb() iterate over payloads in a journal metadata block using on-disk payload size fields without validating them against the remaining space in the metadata block. A corrupted journal containing payload sizes that extend beyond the PAGE SIZE boundary can lead to out-of-bounds reads when computing offsets or accessing payload fields.

Recommendations For openSUSE Tumbleweed, update to the kernel-devel-7.0.11-1.1 package. At the moment, there is no information about a newer version that contains a fix for this vulnerability for the Linux kernel.