{"cve":{"cve_id":"CVE-2026-53059","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm log: fix out-of-bounds write due to region_count overflow\n\nThe local variable region_count in create_log_context() is declared as\nunsigned int (32-bit), but dm_sector_div_up() returns sector_t (64-bit).\nWhen a device-mapper target has a sufficiently large ti->len with a small\nregion_size, the division result can exceed UINT_MAX. The truncated\nvalue is then used to calculate bitset_size, causing clean_bits,\nsync_bits, and recovering_bits to be allocated far smaller than needed\nfor the actual number of regions.\n\nSubsequent log operations (log_set_bit, log_clear_bit, log_test_bit) use\nregion indices derived from the full untruncated region space, causing\nout-of-bounds writes to kernel heap memory allocated by vmalloc.\n\nThis can be reproduced by creating a mirror target whose region_count\noverflows 32 bits:\n\n  dmsetup create bigzero --table '0 8589934594 zero'\n  dmsetup create mymirror --table '0 8589934594 mirror \\\n    core 2 2 nosync 2 /dev/mapper/bigzero 0 \\\n    /dev/mapper/bigzero 0'\n\nThe status output confirms the truncation (sync_count=1 instead of\n4294967297, because 0x100000001 was truncated to 1):\n\n  $ dmsetup status mymirror\n  0 8589934594 mirror 2 254:1 254:1 1/4294967297 ...\n\nThis leads to a kernel crash in core_in_sync:\n\n  BUG: scheduling while atomic: (udev-worker)/9150/0x00000000\n  RIP: 0010:core_in_sync+0x14/0x30 [dm_log]\n  CR2: 0000000000000008\n  Fixing recursive fault but reboot is needed!\n\nFix by widening the local region_count to sector_t and adding an\nexplicit overflow check before the value is assigned to lc->region_count.","published_at":"2026-06-24T16:30:04.210000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/44ab8875ae4a2842bde2d756bed195d375e0debb","https://git.kernel.org/stable/c/defe483e47173768c227532694dc78cb65db5f09","https://git.kernel.org/stable/c/3ec74da927b4e171a6fc0e77b1188ba4d019af51","https://git.kernel.org/stable/c/d4ac87567f86a55c3c92e9a5144dcd943a9772a1","https://git.kernel.org/stable/c/12bd5b88e91a02785244ff1d20fb157e96e9cdc8","https://git.kernel.org/stable/c/b455903eed4558982be0811f5b7f44f6bbc4ff57","https://git.kernel.org/stable/c/4ec8323b9f0764a14d532b1ae9b87f8a9fecb867","https://git.kernel.org/stable/c/c20e36b7631d83e7535877f08af8b0af72c44b1a"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:28.590503Z","updated_at":"2026-06-28T23:30:50.753831Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"44ab8875ae4a2842bde2d756bed195d375e0debb","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:44ab8875ae4a2842bde2d756bed195d375e0debb"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"defe483e47173768c227532694dc78cb65db5f09","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:defe483e47173768c227532694dc78cb65db5f09"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"3ec74da927b4e171a6fc0e77b1188ba4d019af51","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:3ec74da927b4e171a6fc0e77b1188ba4d019af51"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"d4ac87567f86a55c3c92e9a5144dcd943a9772a1","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:d4ac87567f86a55c3c92e9a5144dcd943a9772a1"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"12bd5b88e91a02785244ff1d20fb157e96e9cdc8","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:12bd5b88e91a02785244ff1d20fb157e96e9cdc8"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"b455903eed4558982be0811f5b7f44f6bbc4ff57","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:b455903eed4558982be0811f5b7f44f6bbc4ff57"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"4ec8323b9f0764a14d532b1ae9b87f8a9fecb867","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:4ec8323b9f0764a14d532b1ae9b87f8a9fecb867"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2","version_start_inclusive":true,"version_end":"c20e36b7631d83e7535877f08af8b0af72c44b1a","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:1da177e4c3f41524e886b7f1b8a0c1fc7321cac2:c20e36b7631d83e7535877f08af8b0af72c44b1a"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"2.6.12","version_start_inclusive":true,"version_end":"2.6.12","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:2.6.12:2.6.12"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"2.6.12","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:2.6.12"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.10.258","version_start_inclusive":true,"version_end":"5.10.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.10.258:5.10.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15.209","version_start_inclusive":true,"version_end":"5.15.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.15.209:5.15.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.1.175","version_start_inclusive":true,"version_end":"6.1.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.1.175:6.1.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.6.141","version_start_inclusive":true,"version_end":"6.6.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.6.141:6.6.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.91","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.91:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.33","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.33:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.10","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.10:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/44ab8875ae4a2842bde2d756bed195d375e0debb","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/defe483e47173768c227532694dc78cb65db5f09","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/3ec74da927b4e171a6fc0e77b1188ba4d019af51","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/d4ac87567f86a55c3c92e9a5144dcd943a9772a1","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/12bd5b88e91a02785244ff1d20fb157e96e9cdc8","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b455903eed4558982be0811f5b7f44f6bbc4ff57","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/4ec8323b9f0764a14d532b1ae9b87f8a9fecb867","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/c20e36b7631d83e7535877f08af8b0af72c44b1a","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-24T16:30:04.210000Z","label":"CVE published","source":null}]}