Description
In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

setup_geo() extracts near_copies (nc) and far_copies (fc) from the
user-provided layout parameter without checking for zero. When fc=0
with the "improved" far set layout selected, 'geo->far_set_size =
disks / fc' triggers a divide-by-zero.

Validate nc and fc immediately after extraction, returning -1 if
either is zero.
Published: 2026-05-28
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the md driver for RAID10. The setup_geo function extracts near and far copy counts from a user‑supplied layout description but fails to validate that the far copy count (fc) is non‑zero. If the improved far set layout is selected and fc equals zero, the code performs disks / fc, causing a divide‑by‑zero that triggers a kernel fault and leads to a crash. This results in a denial of service on the affected system.

Affected Systems

All Linux kernel implementations that include the old md/raid10 driver prior to the remediation commit are affected. The issue was addressed in the kernel source commits referenced in the advisory, therefore any kernel version older than those changes is vulnerable.

Risk and Exploitability

The vulnerability requires the attacker to be able to create or modify a RAID10 configuration, which typically needs privileged access. While the EPSS score is not publicly available and the vulnerability is not listed in the CISA KEV catalog, the potential for a kernel panic makes it highly undesirable. Exploitability hinges on the ability to supply a malicious layout that sets far_copies to zero; once the array is created, a boot‑time or runtime panic can be triggered, disrupting system availability. No public exploit is known, but the bug could be leveraged in a targeted attack where the attacker owns or can influence the array configuration.

Generated by OpenCVE AI on May 28, 2026 at 11:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the patch referenced in the advisory commits.
  • If an upgrade cannot be applied immediately, avoid creating RAID10 arrays with the improved far set layout when zero far_copies could be supplied; validate copy counts yourself or use an alternative layout until the kernel is updated.
  • Continuously monitor system logs for kernel panics or errors related to RAID10 metadata, and reboot promptly if a crash occurs.

Generated by OpenCVE AI on May 28, 2026 at 11:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-369

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies setup_geo() extracts near_copies (nc) and far_copies (fc) from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout selected, 'geo->far_set_size = disks / fc' triggers a divide-by-zero. Validate nc and fc immediately after extraction, returning -1 if either is zero.
Title md/raid10: fix divide-by-zero in setup_geo() with zero far_copies
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:36:16.428Z

Reserved: 2026-05-13T15:03:33.102Z

Link: CVE-2026-46161

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-28T10:16:31.770

Modified: 2026-05-28T10:16:31.770

Link: CVE-2026-46161

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T11:45:16Z

Weaknesses