{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23285", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.992Z", "datePublished": "2026-03-25T10:26:44.698Z", "dateUpdated": "2026-03-25T16:49:09.840Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T16:49:09.840Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n __req_mod(req, what, NULL, &m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/drbd/drbd_req.c"], "versions": [{"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "6f1d1614f841d91a4169db65812ffd1271735b42", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "1e906c08594c8f9a6a524f38ede2c4e051196106", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "4e8935053ba389ae8d6685c10854d8021931bd89", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "91df51d2df0ca4fd3281f73626341563d64a98a5", "status": "affected", "versionType": "git"}, {"version": "0d11f3cf279c5ad20a41f29242f170ba3c02f2da", "lessThan": "0d195d3b205ca90db30d70d09d7bb6909aac178f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/block/drbd/drbd_req.c"], "versions": [{"version": "6.4", "status": "affected"}, {"version": "0", "lessThan": "6.4", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42"}, {"url": "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106"}, {"url": "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89"}, {"url": "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5"}, {"url": "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f"}], "title": "drbd: fix null-pointer dereference on local read error", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrbd: fix null-pointer dereference on local read error\n\nIn drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to\n__req_mod() with a NULL peer_device:\n\n __req_mod(req, what, NULL, &m);\n\nThe READ_COMPLETED_WITH_ERROR handler then unconditionally passes this\nNULL peer_device to drbd_set_out_of_sync(), which dereferences it,\ncausing a null-pointer dereference.\n\nFix this by obtaining the peer_device via first_peer_device(device),\nmatching how drbd_req_destroy() handles the same situation."}], "id": "CVE-2026-23285", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:23.247", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0d195d3b205ca90db30d70d09d7bb6909aac178f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1e906c08594c8f9a6a524f38ede2c4e051196106"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4e8935053ba389ae8d6685c10854d8021931bd89"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6f1d1614f841d91a4169db65812ffd1271735b42"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/91df51d2df0ca4fd3281f73626341563d64a98a5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: drbd: fix null-pointer dereference on local read error", "id": "2451168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451168"}, "csaw": false, "cwe": "CWE-476", "details": ["A flaw was found in the Linux kernel's Distributed Replicated Block Device (DRBD) module. A local read error within the `drbd_request_endio()` function can lead to a null-pointer dereference. This occurs when a NULL peer device is incorrectly passed to the `drbd_set_out_of_sync()` function, causing the system to crash. This vulnerability can result in a Denial of Service (DoS)."], "name": "CVE-2026-23285", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23285\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23285\nhttps://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23285-ad41@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-03-25T12:06:38.398738+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel update that incorporates the DRBD null\u2011pointer fix and verify that the commit references in the advisory are present in the new kernel.\nIf an immediate kernel upgrade is not possible, disable the DRBD kernel module or remove DRBD functionality from the system until the patch is applied.\nContinuously monitor kernel release notes and vendor advisories for the inclusion of the fix and for any additional workarounds."], "summary": {"action": "Patch Immediately", "impact": "Denial of Service via kernel crash"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the DRBD implementation of the Linux kernel. All distributions that ship a kernel containing the unpatched DRBD code are impacted. No specific kernel version is cited, so any kernel build that includes the vulnerable path without the patch is susceptible.", "description_and_impact": "A null pointer dereference occurs in the Linux kernel DRBD subsystem when a local read error is processed. The error path forwards a NULL peer_device to drbd_set_out_of_sync, which dereferences it, leading to a kernel panic. This crash terminates system processes and can bring the whole machine down, directly impacting availability.", "risk_and_exploitability": "No CVSS or EPSS score is provided and the vulnerability is not listed in the CISA known exploited vulnerabilities catalog. The likely attack vector is local; an attacker with the ability to induce a read error on a DRBD device that the kernel processes can trigger the crash. There is no evidence of remote code execution; the impact is limited to denial of service on the affected host."}}}}, "created": "2026-03-25T21:15:45.283857+00:00", "updated": "2026-03-25T21:15:45.283889+00:00", "vendors": [], "weaknesses": ["CWE-476"]}