CVE-2026-23285
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
drbd: fix null-pointer dereference on local read error
In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod() with a NULL peer_device:
__req_mod(req, what, NULL, &m);
The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this NULL peer_device to drbd_set_out_of_sync(), which dereferences it, causing a null-pointer dereference.
Fix this by obtaining the peer_device via first_peer_device(device), matching how drbd_req_destroy() handles the same situation.
EPSS Score: 0.00122 (0.023)
Common Weakness Enumeration (CWE)
ADVISORY - nist
NULL Pointer Dereference
ADVISORY - redhat
NULL Pointer Dereference
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in