{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23285", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:44.698Z", "dateUpdated": "2026-05-11T22:03:54.818Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:03:54.818Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n __req_mod(req, what, NULL, &m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/drbd/drbd_req.c"], "versions": [{"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "6f1d1614f841d91a4169db65812ffd1271735b42", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "1e906c08594c8f9a6a524f38ede2c4e051196106", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "4e8935053ba389ae8d6685c10854d8021931bd89", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "91df51d2df0ca4fd3281f73626341563d64a98a5", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "0d195d3b205ca90db30d70d09d7bb6909aac178f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/drbd/drbd_req.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42"}, {"url": "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106"}, {"url": "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89"}, {"url": "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5"}, {"url": "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f"}], "title": "drbd: fix null-pointer dereference on local read error", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n __req_mod(req, what, NULL, &m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation."}], "id": "CVE-2026-23285", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:23.247", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drbd: fix null-pointer dereference on local read error", "id": "2451168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451168"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's Distributed Replicated Block Device (DRBD) module. A local read error within the `drbd_request_endio()` function can lead to a null-pointer dereference. This occurs when a NULL peer device is incorrectly passed to the `drbd_set_out_of_sync()` function, causing the system to crash. This vulnerability can result in a Denial of Service (DoS)."], "name": "CVE-2026-23285", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23285\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23285\nhttps://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23285-ad41@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,6f1d1614f841d91a4169db65812ffd1271735b42)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1e906c08594c8f9a6a524f38ede2c4e051196106)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,4e8935053ba389ae8d6685c10854d8021931bd89)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,91df51d2df0ca4fd3281f73626341563d64a98a5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,0d195d3b205ca90db30d70d09d7bb6909aac178f)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.6.130,6.6.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.12.77,6.12.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.17,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19.7,6.19.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-26T02:30:08.416227+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel update that includes the patch for CVE-2026-23285."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in the Linux kernel\u2019s DRBD module. No specific kernel releases are listed in the data, so any systems running an affected kernel that has not applied the patch may be impacted.", "description_and_impact": "A null\u2011pointer dereference occurs in the Linux kernel's DRBD subsystem when a local read failure triggers the READ_COMPLETED_WITH_ERROR handler, which passes a NULL peer_device to drbd_set_out_of_sync(). The dereference can crash the kernel, resulting in a denial of service. This weakness is a classical null\u2011pointer dereference (CWE\u2011476).", "risk_and_exploitability": "The vulnerability is not listed in CISA\u2019s KEV catalog and has an EPSS score below 1\u202f%, indicating very low probability of exploitation in the wild. The exploit would require triggering a local read error on a DRBD device, which is likely only achievable by an attacker with local or kernel\u2011level access to the host. Consequently, the threat surface is limited to privileged or local attackers, and remote exploitation does not appear feasible based on the available information."}}}}, "created": "2026-03-25T21:15:45.283857+00:00", "updated": "2026-03-26T12:17:32.851589+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}