CVE-2026-23238

EPSS 0.01%
Veröffentlicht 04.03.2026 14:38:42
Zuletzt bearbeitet 17.03.2026 21:15:39
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

romfs: check sb_set_blocksize() return value

romfs_fill_super() ignores the return value of sb_set_blocksize(), which
can fail if the requested block size is incompatible with the block
device's configuration.

This can be triggered by setting a loop device's block size larger than
PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs
filesystem on that device.

When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the
device has logical_block_size=32768, bdev_validate_blocksize() fails
because the requested size is smaller than the device's logical block
size. sb_set_blocksize() returns 0 (failure), but romfs ignores this and
continues mounting.

The superblock's block size remains at the device's logical block size
(32768). Later, when sb_bread() attempts I/O with this oversized block
size, it triggers a kernel BUG in folio_set_bh():

    kernel BUG at fs/buffer.c:1582!
    BUG_ON(size > PAGE_SIZE);

Fix by checking the return value of sb_set_blocksize() and failing the
mount with -EINVAL if it returns 0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.12.1 < 5.10.251

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.201

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.164

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.127

Linux ≫ Linux Kernel Version >= 6.7 < 6.12.74

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.13

Linux ≫ Linux Kernel Version2.6.12 Update-

Linux ≫ Linux Kernel Version2.6.12 Updaterc2

Linux ≫ Linux Kernel Version2.6.12 Updaterc3

Linux ≫ Linux Kernel Version2.6.12 Updaterc4

Linux ≫ Linux Kernel Version2.6.12 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc1

Linux ≫ Linux Kernel Version6.19 Updaterc2

Linux ≫ Linux Kernel Version6.19 Updaterc3

Linux ≫ Linux Kernel Version6.19 Updaterc4

Linux ≫ Linux Kernel Version6.19 Updaterc5

Linux ≫ Linux Kernel Version6.19 Updaterc6

Linux ≫ Linux Kernel Version6.19 Updaterc7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.005

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://git.kernel.org/stable/c/a381f0f61b35c8894b0bd0d6acef2d8f9b08b244

Patch

https://git.kernel.org/stable/c/f2521ab1f63a8c244f06a080319e5ff9a2e1bd95

Patch

https://git.kernel.org/stable/c/2c5829cd8fbbc91568c520b666898f57cdcb8cf6

Patch

https://git.kernel.org/stable/c/cbd9931e6456822067725354d83446c5bb813030

Patch

https://git.kernel.org/stable/c/9b203b8ddd7359270e8a694d0584743555128e2c

Patch

https://git.kernel.org/stable/c/4b71ad7676564a94ec5f7d18298f51e8ae53db73

Patch