CVE-2026-46161
Analyzed - Analysis Complete
Linux kernel md/raid10 divide-by-zero in setup_geo

Publication date: 2026-05-28

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

md/raid10: fix divide-by-zero in setup_geo() with zero far_copies

setup_geo() extracts near_copies (nc) and far_copies (fc) from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout selected, 'geo->far_set_size = disks / fc' triggers a divide-by-zero.

Validate nc and fc immediately after extraction, returning -1 if either is zero.

Meta Information
Published: 2026-05-28
Last Modified: 2026-06-09
Generated: 2026-06-17
AI Q&A: 2026-05-28
EPSS Evaluated: 2026-06-16
Affected Vendors & Products
Showing 16 associated CPEs
Vendor Product Version / Range
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 3.9
linux linux_kernel 7.1
linux linux_kernel From 6.13 (inc) to 6.18.30 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.88 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 3.9.1 (inc) to 5.10.258 (exc)
CWE
CWE ID Description
CWE-369 The product divides a value by zero.
Executive Summary

This vulnerability exists in the Linux kernel's md/raid10 module, specifically in the setup_geo() function. The function extracts two parameters, near_copies (nc) and far_copies (fc), from a user-provided layout without checking if either is zero. When far_copies (fc) is zero and the "improved" far set layout is selected, a divide-by-zero error occurs because the code attempts to divide by fc.

The fix involves validating nc and fc immediately after extraction and returning an error (-1) if either is zero, preventing the divide-by-zero condition.
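
A user-space model of the check described above, added here as an illustration; it is not the kernel's code or the upstream patch. The bit positions of nc, fc and the far set selector inside the layout word are assumed from upstream drivers/md/raid10.c rather than from this page, and `struct geo_model` and `setup_geo_model` are hypothetical names.

```c
#include <stdio.h>
/* Simplified stand-in for the kernel's geometry struct (hypothetical subset). */
struct geo_model {
    int raid_disks, near_copies, far_copies, far_set_size;
};

/*
 * User-space model of the layout decoding in setup_geo(), with the fix's check.
 * Assumed bit layout (from upstream raid10.c, not from this page):
 * bits 0-7 = near_copies, bits 8-15 = far_copies, bits 17+ = far set selector.
 * Returns 0 on success, -1 on an invalid layout.
 */
int setup_geo_model(struct geo_model *geo, int layout, int disks)
{
    int nc = layout & 255;
    int fc = (layout >> 8) & 255;
    /* The fix: reject zero copy counts before any arithmetic uses them. */
    if (nc == 0 || fc == 0)
        return -1;
    geo->raid_disks = disks;
    geo->near_copies = nc;
    geo->far_copies = fc;
    switch (layout >> 17) {
    case 0: /* original far set layout */
        geo->far_set_size = disks;
        break;
    case 1: /* "improved" far set layout: the division named in the CVE */
        geo->far_set_size = disks / fc;
        break;
    case 2: /* later corrected far set layout */
        geo->far_set_size = fc * nc;
        break;
    default: /* not a valid layout */
        return -1;
    }
    return 0;
}

int main(void)
{
    struct geo_model g;
    /* Constructed sample layout words, not taken from a real array. */
    int ok = (1 << 17) | (2 << 8) | 1;  /* improved selector, fc=2, nc=1 */
    int bad = (1 << 17) | (0 << 8) | 2; /* improved selector, fc=0, nc=2 */
    printf("ok  -> %d\n", setup_geo_model(&g, ok, 4));
    printf("bad -> %d\n", setup_geo_model(&g, bad, 4));
    return 0;
}
```

Because the zero check runs before the switch, the invalid layout is refused regardless of which far set selector is chosen, so no branch can reach the division with fc equal to zero.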

Impact Analysis

This vulnerability can cause a divide-by-zero error in the Linux kernel's RAID10 setup process, which may lead to a kernel crash or system instability. Such a crash could result in denial of service, potentially disrupting system operations or data availability.

Mitigation Strategies

The vulnerability is caused by a divide-by-zero error in the Linux kernel's md/raid10 setup_geo() function when far_copies is zero. To mitigate this vulnerability, you should update your Linux kernel to a version where this issue is fixed.

The fix involves validating the near_copies and far_copies parameters immediately after extraction and returning an error if either is zero, preventing the divide-by-zero condition.
