What is GHSA-76hh-2v3c-vm3v?

GHSA-76hh-2v3c-vm3v is a security advisory published by GitHub Security Advisories with High severity. In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload...

Which CVE IDs does GHSA-76hh-2v3c-vm3v cover?

GHSA-76hh-2v3c-vm3v covers the following CVE IDs: CVE-2026-46070. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-76hh-2v3c-vm3v?

GHSA-76hh-2v3c-vm3v has a CVSS v3 base score of 7.1, published by GitHub Security Advisories.

GHSA-76hh-2v3c-vm3vHighCVSS 7.1

In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2026-46070 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

md/raid5: validate payload size before accessing journal metadata

r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_checksum_for_mb() iterate over payloads in a journal metadata block using on-disk payload size fields without validating them against the remaining space in the metadata block.

A corrupted journal contains payload sizes extending beyond the PAGE_SIZE boundary can cause out-of-bounds reads when accessing payload fields or computing offsets.

Add bounds validation for each payload type to ensure the full payload fits within meta_size before processing.

🔗 References (7)

https://nvd.nist.gov/vuln/detail/CVE-2026-46070
https://git.kernel.org/stable/c/33698bd1b2db9764a29df7751533d33967ff5c98
https://git.kernel.org/stable/c/406aa86394ead347c47428fb51b6359bdaa2257d
https://git.kernel.org/stable/c/73ce72edd113374801045924d4417199963f73a3
https://git.kernel.org/stable/c/b0cc3ae97e893bf54bbce447f4e9fd2e0b88bff9
https://git.kernel.org/stable/c/c3a1cf78bd1bbb51b2cc5189b4743056553c1e0e
https://github.com/advisories/GHSA-76hh-2v3c-vm3v