Impact
The vulnerability is an integer overflow in dm mirror’s create_dirty_log() routine. The function calculates a required argument count as 2 + param_count before checking it against the supplied argc. When a user supplies a param_count close to UINT_MAX via a device‑mapper table string, the unsigned addition overflows to a small value, causing the subsequent bounds check to be bypassed. This overflowed value is then passed to dm_dirty_log_create(), which can read beyond the bounds of the argv array. The out‑of‑bounds read may lead to memory disclosure or a kernel crash, representing a denial‑of‑service condition. This flaw maps to CWE‑680, Integer Overflow or Wraparound.
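The wraparound described above, as an added example that is not the kernel's code or the upstream patch: a simplified model of the argument-count check in its wrapping form beside one overflow-safe way to write it. The function names and sample values are constructed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the check described above; not the kernel source.
 * argc is the number of table arguments actually supplied,
 * param_count is the value parsed from the table string. */

/* Wrapping form: 2 + param_count is computed in unsigned arithmetic,
 * so a param_count near UINT_MAX wraps to a small number. */
static bool accepts_wrapping(unsigned int argc, unsigned int param_count)
{
    unsigned int args_used = 2 + param_count;   /* may wrap */
    return argc >= args_used;
}

/* Hardened form (one possible rewrite): compare against the remaining
 * budget so no arithmetic is done on the untrusted value. */
static bool accepts_checked(unsigned int argc, unsigned int param_count)
{
    if (argc < 2)
        return false;
    return param_count <= argc - 2;
}

/* How many argv slots past the end a consumer that trusts param_count
 * would index; 0 means the request fits. */
static unsigned int slots_past_end(unsigned int argc, unsigned int param_count)
{
    unsigned int avail = argc >= 2 ? argc - 2 : 0;
    return param_count > avail ? param_count - avail : 0;
}

int main(void)
{
    /* Constructed inputs: 3 arguments supplied in every case. */
    const unsigned int argc = 3;
    const unsigned int counts[] = { 0, 1, 2, UINT_MAX - 1, UINT_MAX };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        unsigned int pc = counts[i];
        printf("param_count=%u sum=%u wrapping=%d checked=%d past_end=%u\n",
               pc, 2 + pc, accepts_wrapping(argc, pc),
               accepts_checked(argc, pc), slots_past_end(argc, pc));
    }
    return 0;
}
```

The two forms agree on ordinary values and differ only when the sum wraps, which is why such a check can pass routine testing.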
Affected Systems
All unsupported or pre‑fix Linux kernel builds that include the dm mirror module are affected. This applies to any distribution using the default kernel prior to the commit that introduced the fix. The advisory does not list specific version numbers; builds that predate the fix contain the vulnerable code.
Risk and Exploitability
Exploitation requires the ability to create or modify a device‑mapper table, normally a privileged or root user. The likely attack vector is a malicious device‑mapper table entry created by a privileged user, as inferred from the description that param_count can be supplied via the device‑mapper table string. No public exploit is documented, EPSS is not available, and the vulnerability is not listed in CISA’s KEV catalog. Nonetheless, the overflow can be triggered with a crafted table entry, resulting in a potential kernel panic or arbitrary read. The CVSS score is not provided, but the nature of the flaw indicates high severity. Monitoring for unusual device‑mapper activity and applying the patch are recommended to mitigate risk.