The vulnerability resides in the md driver for RAID10. The setup_geo function extracts near and far copy counts from a user‑supplied layout description but fails to validate that the far copy count (fc) is non‑zero. If the improved far set layout is selected and fc equals zero, the code performs disks / fc, causing a divide‑by‑zero that triggers a kernel fault and leads to a crash. This results in a denial of service on the affected system.

All Linux kernel implementations that include the old md/raid10 driver prior to the remediation commit are affected. The issue was addressed in the kernel source commits referenced in the advisory, therefore any kernel version older than those changes is vulnerable.

The vulnerability requires the attacker to create or modify a RAID10 configuration. Based on the description, it is inferred that this normally requires privileged access. The CVSS score is 5.5, and the EPSS score indicates a very low likelihood of exploitation, being below 1%. It is not listed in the CISA KEV catalog. The potential for a kernel panic makes it highly undesirable. Exploitability hinges on the ability to supply a malicious layout that sets far_copies to zero; once the array is created, a boot‑time or runtime panic can be triggered, disrupting system availability. No public exploit is known, but the bug could be leveraged in a targeted attack where the attacker owns or can influence the array configuration.