Description
In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to
__req_mod() with a NULL peer_device:

__req_mod(req, what, NULL, &m);

The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this
NULL peer_device to drbd_set_out_of_sync(), which dereferences it,
causing a null-pointer dereference.

Fix this by obtaining the peer_device via first_peer_device(device),
matching how drbd_req_destroy() handles the same situation.
Published: 2026-03-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A null-pointer dereference occurs in the Linux kernel's DRBD subsystem when a local read failure triggers the READ_COMPLETED_WITH_ERROR handler in __req_mod(), which forwards the NULL peer_device it was given to drbd_set_out_of_sync(). The dereference crashes the kernel, so the effect is a denial of service of the whole host, not just the DRBD resource. This is a classic null-pointer dereference (CWE-476).
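The following is a user-space model of the path described above, added here as an illustration; it is not DRBD's or the kernel's code. The struct layouts, the 64-bit out-of-sync bitmap, the single-entry peer list and the function names mirror drbd_request_endio(), __req_mod(), drbd_set_out_of_sync() and first_peer_device() only in shape and are assumptions of this example. req_mod_before_fix() forwards whatever peer pointer the caller supplied, which is the pattern the commit message describes; req_mod_after_fix() looks the peer up from the request's device instead, and additionally refuses to proceed when the device has no peer at all, a check this example adds and which the patch is not described as containing.

```c
/* Added user-space model of the DRBD local-read-error path (not kernel code).
 * Layouts and bodies are simplified stand-ins for drbd_request_endio(),
 * __req_mod(), drbd_set_out_of_sync() and first_peer_device(). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BM_BITS 64   /* model: one bit per block, 64 blocks is enough here */

struct drbd_device;

/* Model: each peer keeps its own out-of-sync bitmap. */
struct drbd_peer_device {
	struct drbd_device *device;
	uint64_t out_of_sync;          /* bit n set => block n needs resync */
	struct drbd_peer_device *next; /* model of device->peer_devices list */
};

struct drbd_device {
	struct drbd_peer_device *peer_devices; /* NULL when no peer is configured */
};

struct drbd_request {
	struct drbd_device *device;
	unsigned int i_sector;   /* first block of the request (model units) */
	unsigned int i_size;     /* number of blocks */
};

enum drbd_req_event { READ_COMPLETED_WITH_ERROR };

/* Model of first_peer_device(): head of the device's peer list. */
static struct drbd_peer_device *first_peer_device(struct drbd_device *device)
{
	return device->peer_devices;
}

/* Model of drbd_set_out_of_sync(): mark [sector, sector+size) out of sync
 * for this peer. Like the real function it dereferences peer_device
 * unconditionally, so a NULL argument is a crash, not an error return.
 * Returns how many blocks were newly marked. */
static int drbd_set_out_of_sync(struct drbd_peer_device *peer_device,
				unsigned int sector, unsigned int size)
{
	int newly_set = 0;
	for (unsigned int b = sector; b < sector + size && b < BM_BITS; b++) {
		uint64_t mask = (uint64_t)1 << b;
		if (!(peer_device->out_of_sync & mask)) {
			peer_device->out_of_sync |= mask;
			newly_set++;
		}
	}
	return newly_set;
}

/* Pre-fix shape: the caller's pointer is forwarded as-is. The endio path
 * passes NULL on a local read error, so this call dereferences NULL. */
static int req_mod_before_fix(struct drbd_request *req, enum drbd_req_event what,
			      struct drbd_peer_device *peer_device)
{
	if (what != READ_COMPLETED_WITH_ERROR)
		return 0;
	return drbd_set_out_of_sync(peer_device, req->i_sector, req->i_size);
}

/* Post-fix shape: ignore the (NULL) argument for this event and resolve
 * the peer from the request's device, as the patch does. The NULL check
 * on the lookup result is this example's own addition. */
static int req_mod_after_fix(struct drbd_request *req, enum drbd_req_event what,
			     struct drbd_peer_device *peer_device)
{
	if (what != READ_COMPLETED_WITH_ERROR)
		return 0;
	peer_device = first_peer_device(req->device);
	if (!peer_device)
		return -1;   /* no peer configured: nothing to mark (model only) */
	return drbd_set_out_of_sync(peer_device, req->i_sector, req->i_size);
}

/* Build a one-peer device in static storage for the demonstration. */
static struct drbd_device *demo_device(void)
{
	static struct drbd_peer_device pd;
	static struct drbd_device dev;
	memset(&pd, 0, sizeof pd);
	memset(&dev, 0, sizeof dev);
	pd.device = &dev;
	dev.peer_devices = &pd;
	return &dev;
}

/* Drive the fixed handler the way the endio path would: no peer_device is
 * known to the caller, so NULL is passed. */
static int simulate_local_read_error(struct drbd_device *dev,
				     unsigned int sector, unsigned int size)
{
	struct drbd_request req = { dev, sector, size };
	return req_mod_after_fix(&req, READ_COMPLETED_WITH_ERROR, NULL);
}

int main(void)
{
	struct drbd_device *dev = demo_device();
	struct drbd_request req = { dev, 0, 2 };
	int n = simulate_local_read_error(dev, 3, 4);
	printf("fixed path, NULL peer: %d blocks newly out of sync\n", n);
	n = req_mod_before_fix(&req, READ_COMPLETED_WITH_ERROR, first_peer_device(dev));
	printf("old path, valid peer: %d blocks newly out of sync\n", n);
	return 0;
}
```

Calling req_mod_before_fix() with a NULL peer, as drbd_request_endio() does for this event, is the crash the advisory describes; the model deliberately does not do that so it can run to completion.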

Affected Systems

The vulnerability is in the Linux kernel's DRBD module (drivers/block/drbd). No specific kernel releases are listed in the data, so any system that loads the drbd module on a kernel without this fix should be treated as affected; hosts that never use DRBD are not exposed.

Risk and Exploitability

The vulnerability is not listed in CISA's KEV catalog and has an EPSS score below 1 %, indicating a very low probability of exploitation in the wild. Triggering it requires a read error on a DRBD resource's local backing device, which in practice means failing or deliberately degraded local storage, or an attacker who already has local, typically privileged, access to the host. The threat is therefore limited to local actors and to ordinary hardware faults, and remote exploitation does not appear feasible from the available information. Note that because a genuine disk error is enough to hit the path, the crash can also occur with no attacker at all.

Generated by OpenCVE AI on March 26, 2026 at 02:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the patch for CVE-2026-23285.


Advisories

Source: Debian DSA
ID: DSA-6238-1
Title: linux security update
History

Thu, 26 Mar 2026 00:15:00 +0000


Wed, 25 Mar 2026 22:00:00 +0000

Weaknesses: added CWE-476

Wed, 25 Mar 2026 10:45:00 +0000

Description: added (the description text shown above)
Title: added "drbd: fix null-pointer dereference on local read error"
First Time appeared: added Linux, Linux linux Kernel
CPEs: added cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products: added Linux, Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:03:54.818Z

Reserved: 2026-01-13T15:37:45.992Z

Link: CVE-2026-23285

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:23.247

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23285

Redhat

Severity : Moderate

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23285 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-26T12:17:32Z

Weaknesses