Linux Kernel Vulnerability in dm-multipath Mechanism Affecting PCIe NVMe Devices
CVE-2026-43278
What is CVE-2026-43278?
A significant vulnerability in the Linux kernel's device-mapper (dm) subsystem has been identified, primarily affecting scenarios where dm-multipath is implemented on PCIe NVMe namespaces. This issue arises due to stale rq->bio pointers, which can result in double-initialization of cloned request bios during request handling. In particular, the cloned request bios are prematurely freed during the blk_complete_request(), yet the associated rq->bio remains intact. This discrepancy can lead to double-free conditions when the associated teardown processes attempt to free already released bios, potentially resulting in system instability or exposure to further exploitation. A fix has been applied to ensure that the clone request's bio pointer is cleared upon the completion of the last cloned bio, preventing invalid access and ensuring robust memory management.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3d746b639be4b4f5cd8ce2b06aa52dc443f50edc
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 9a95b98202113045bc1a5bcb30388a500f25e050
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8d9ddad561136f7e6a9346767bf97b4d79e38e67