CVE-2026-46130

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
28/05/2026
Last modified:
24/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dm-verity-fec: fix reading parity bytes split across blocks (take 3)<br /> <br /> fec_decode_bufs() assumes that the parity bytes of the first RS codeword<br /> it decodes are never split across parity blocks.<br /> <br /> This assumption is false. Consider v-&gt;fec-&gt;block_size == 4096 &amp;&amp;<br /> v-&gt;fec-&gt;roots == 17 &amp;&amp; fio-&gt;nbufs == 1, for example. In that case, each<br /> call to fec_decode_bufs() consumes v-&gt;fec-&gt;roots * (fio-&gt;nbufs

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.125 (including) 6.2 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.72 (including) 6.7 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.12.10 (including) 6.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.13.1 (including) 7.0.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.13:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.13:rc7:*:*:*:*:*:*