2451168 – (CVE-2026-23285) CVE-2026-23285 kernel: drbd: fix null-pointer dereference on local read error

Bug 2451168 (CVE-2026-23285) - CVE-2026-23285 kernel: drbd: fix null-pointer dereference on local read error

Summary: CVE-2026-23285 kernel: drbd: fix null-pointer dereference on local read error

Keywords:
Status:	NEW
Alias:	CVE-2026-23285
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-25 11:02 UTC by OSIDB Bzimport
Modified:	2026-03-25 18:36 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-25 11:02:21 UTC

In the Linux kernel, the following vulnerability has been resolved:

drbd: fix null-pointer dereference on local read error

In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to
__req_mod() with a NULL peer_device:

  __req_mod(req, what, NULL, &m);

The READ_COMPLETED_WITH_ERROR handler then unconditionally passes this
NULL peer_device to drbd_set_out_of_sync(), which dereferences it,
causing a null-pointer dereference.

Fix this by obtaining the peer_device via first_peer_device(device),
matching how drbd_req_destroy() handles the same situation.

Comment 1 Alexander B 2026-03-25 18:33:37 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23285-ad41@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.