Null Pointer Dereference in Linux Kernel RBD Disk Management
CVE-2026-46079

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 27 May 2026

What is CVE-2026-46079?

A vulnerability exists in the Linux kernel's RBD disk management system where a null pointer dereference can occur during the disk addition process. Specifically, when adding a disk, if the device_add_disk() function fails after successfully calling device_add(), the error handling path can lead to a double cleanup of the disk resources. This unintended behavior can disrupt block device cleanup processes, potentially causing system instability and crashes. A patch has been released to enforce a proper teardown order that prevents the double free operation, thereby addressing the associated risks.

Affected Version(s)

Linux 27c97abc30e2b9ad2288977c0ecbef4d50553f57 < 2f4809a879f0750c7790bbeeae86c9505797a06f

Linux 27c97abc30e2b9ad2288977c0ecbef4d50553f57 < 564cd8f4aeb9a938e470c5c91922fd02e4d41acc

Linux 27c97abc30e2b9ad2288977c0ecbef4d50553f57

References

https://git.kernel.org/stable/c/2f4809a879f0750c7790bbeea...

https://git.kernel.org/stable/c/564cd8f4aeb9a938e470c5c91...

https://git.kernel.org/stable/c/ad0126ffcba8777109852979e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46079 Data

JSON