CVE-2026-43163
Status: Awaiting Analysis
md/bitmap write_page GPF due to resize race in Linux kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

md/bitmap: fix GPF in write_page caused by resize race

A General Protection Fault occurs in write_page() during array resize:

RIP: 0010:write_page+0x22b/0x3c0 [md_mod]

This is a use-after-free race between bitmap_daemon_work() and __bitmap_resize(). The daemon iterates over `bitmap->storage.filemap` without locking, while the resize path frees that storage via md_bitmap_file_unmap(). `quiesce()` does not stop the md thread, allowing concurrent access to freed pages.

Fix by holding `mddev->bitmap_info.mutex` during the bitmap update.

Meta Information
Published: 2026-05-06
Last Modified: 2026-05-06
Generated: 2026-06-16
AI Q&A: 2026-05-06
EPSS Evaluated: 2026-06-14

Affected Vendors & Products (1 associated CPE)
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is a use-after-free race condition in the bitmap handling code of the Linux kernel's md (multiple device) subsystem. It surfaces as a General Protection Fault (GPF) in write_page() while an array is being resized.

The issue arises because the bitmap_daemon_work() function iterates over bitmap->storage.filemap without proper locking, while at the same time, the __bitmap_resize() function can free that storage via md_bitmap_file_unmap(). The quiesce() function does not stop the md thread, allowing concurrent access to memory that has already been freed.

The fix involves holding the mddev->bitmap_info.mutex during bitmap updates to prevent this race condition.
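
A simplified userspace model of the locking pattern described above, added here as an illustration and not taken from the kernel patch. It assumes both the daemon walk and the resize swap serialize on one mutex; every function and variable name in it is a hypothetical stand-in for the kernel object named in its comment.

```c
/* Userspace pthread model of the fix; every name here is illustrative, not kernel code. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>
#define POISON 0xDEADBEEFu                 /* marks storage the resize path has released */
static unsigned *filemap;                  /* stands in for bitmap->storage.filemap */
static int pages;
static pthread_mutex_t info_mutex = PTHREAD_MUTEX_INITIALIZER; /* mddev->bitmap_info.mutex */
static atomic_int stop;
static long stale_reads;                   /* daemon increments it only under info_mutex */

/* Daemon side: the whole walk over filemap runs under the mutex. */
static void *daemon_work(void *arg) {
    while (!atomic_load(&stop)) {
        pthread_mutex_lock(&info_mutex);
        for (int i = 0; i < pages; i++)
            if (filemap[i] == POISON) stale_reads++;
        pthread_mutex_unlock(&info_mutex);
    }
    return arg;
}

/* Resize side: release the old storage and publish the new one under the same mutex. */
static void resize(int n) {
    unsigned *new_map = calloc((size_t)n, sizeof(*new_map));
    if (!new_map) abort();
    pthread_mutex_lock(&info_mutex);
    for (int i = 0; i < pages; i++) filemap[i] = POISON;
    free(filemap);
    filemap = new_map;
    pages = n;
    pthread_mutex_unlock(&info_mutex);
}

/* Runs both paths concurrently; returns how often the daemon saw released storage. */
long run_model(int rounds) {
    pthread_t t;
    filemap = NULL; pages = 0; stale_reads = 0;
    atomic_store(&stop, 0);
    resize(8);                             /* initial storage */
    if (pthread_create(&t, NULL, daemon_work, NULL)) abort();
    for (int r = 0; r < rounds; r++) resize(8 + r % 4);
    atomic_store(&stop, 1);
    pthread_join(t, NULL);
    free(filemap);
    return stale_reads;
}

int main(void) { return run_model(2000) != 0; }
```

Because the pointer swap, the free, and the daemon's iteration all happen inside the same critical section, the daemon can never hold a pointer to storage that the resize path has already released.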

Impact Analysis

This vulnerability can cause a General Protection Fault in the Linux kernel, which may lead to system instability or crashes. Because it is a use-after-free race condition, it could be exploited to cause unpredictable behavior or denial of service by making the kernel access freed memory.

Mitigation Strategies

The vulnerability is fixed by holding the mddev->bitmap_info.mutex during the bitmap update to prevent the use-after-free race condition.

Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.
