CVE-2026-43163 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: md/bitmap: fix GPF in write_page caused by resize race A General Protection Fault occurs in write_page() during array resize: RIP: 0010:write_page+0x22b/0x3c0 [md_mod] This is a use-after-free race between bitmap_daemon_work() and __bitmap_resize(). The daemon iterates over `bitmap->storage.filemap` without locking, while the resize path frees that storage via md_bitmap_file_unmap(). `quiesce()` does not stop the md thread, allowing concurrent access to freed pages. Fix by holding `mddev->bitmap_info.mutex` during the bitmap update.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-06 | Assigner Linux

Product status

Default status

unaffected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before 140cc839fbeb1ddb33a8da8811b716d88d3905b7

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before ebcacc7ca22d5e8a03a970f0621ae1d1356b9ae8

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before d3af62411e19752c663fe4f424dbf49d95a4cc7c

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before d92b8fac294b5f915c50e65ce4ae2262e53614ec

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before a437e3bf30e32846079e470c1ba5ee790bccdf89

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before 9a6f8cd28bb9bb6ed86a6df19331fb08016dee7f

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before 5f73c8b33df9a605a591eab72d43a969600c1f8c

affected

d60b479d177a5735b6b4db6ee5280ef6653f50e7 (git) before 46ef85f854dfa9d5226b3c1c46493d79556c9589

affected

Default status

affected

3.5

affected

Any version before 3.5

unaffected

5.10.252 (semver)

unaffected

5.15.202 (semver)

unaffected

6.1.165 (semver)

unaffected

6.6.128 (semver)

unaffected

6.12.75 (semver)

unaffected

6.18.16 (semver)

unaffected

6.19.6 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/140cc839fbeb1ddb33a8da8811b716d88d3905b7

git.kernel.org/...c/ebcacc7ca22d5e8a03a970f0621ae1d1356b9ae8

git.kernel.org/...c/d3af62411e19752c663fe4f424dbf49d95a4cc7c

git.kernel.org/...c/d92b8fac294b5f915c50e65ce4ae2262e53614ec

git.kernel.org/...c/a437e3bf30e32846079e470c1ba5ee790bccdf89

git.kernel.org/...c/9a6f8cd28bb9bb6ed86a6df19331fb08016dee7f

git.kernel.org/...c/5f73c8b33df9a605a591eab72d43a969600c1f8c

git.kernel.org/...c/46ef85f854dfa9d5226b3c1c46493d79556c9589

cve.org (CVE-2026-43163)

nvd.nist.gov (CVE-2026-43163)

Download JSON