Medium severity4.7NVD Advisory· Published May 6, 2026· Updated May 13, 2026

CVE-2026-43163

Description

In the Linux kernel, the following vulnerability has been resolved:

md/bitmap: fix GPF in write_page caused by resize race

A General Protection Fault occurs in write_page() during array resize: RIP: 0010:write_page+0x22b/0x3c0 [md_mod]

This is a use-after-free race between bitmap_daemon_work() and __bitmap_resize(). The daemon iterates over bitmap->storage.filemap without locking, while the resize path frees that storage via md_bitmap_file_unmap(). quiesce() does not stop the md thread, allowing concurrent access to freed pages.

Fix by holding mddev->bitmap_info.mutex during the bitmap update.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.5,<5.10.252

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

Severity

MediumCVSS v3.1

4.7/ 10

Attack vector: Local
Complexity: High
Privileges: Low
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Probability of exploitation in the next 30 days.

0.01%

VYPR risk score

Composite of severity, exploitation, and reach.

0.31medium

cvss	0.306
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000

Weaknesses

CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE ID

CVE-2026-43163