5.5
CVE-2026-23238
- EPSS 0.19%
- Veröffentlicht 04.03.2026 14:38:42
- Zuletzt bearbeitet 02.06.2026 14:16:48
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
romfs: check sb_set_blocksize() return value
In the Linux kernel, the following vulnerability has been resolved:
romfs: check sb_set_blocksize() return value
romfs_fill_super() ignores the return value of sb_set_blocksize(), which
can fail if the requested block size is incompatible with the block
device's configuration.
This can be triggered by setting a loop device's block size larger than
PAGE_SIZE using ioctl(LOOP_SET_BLOCK_SIZE, 32768), then mounting a romfs
filesystem on that device.
When sb_set_blocksize(sb, ROMBSIZE) is called with ROMBSIZE=4096 but the
device has logical_block_size=32768, bdev_validate_blocksize() fails
because the requested size is smaller than the device's logical block
size. sb_set_blocksize() returns 0 (failure), but romfs ignores this and
continues mounting.
The superblock's block size remains at the device's logical block size
(32768). Later, when sb_bread() attempts I/O with this oversized block
size, it triggers a kernel BUG in folio_set_bh():
kernel BUG at fs/buffer.c:1582!
BUG_ON(size > PAGE_SIZE);
Fix by checking the return value of sb_set_blocksize() and failing the
mount with -EINVAL if it returns 0.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.12.1 < 5.10.251
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.201
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.164
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.127
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.74
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.13
Linux ≫ Linux Kernel Version2.6.12 Update-
Linux ≫ Linux Kernel Version2.6.12 Updaterc2
Linux ≫ Linux Kernel Version2.6.12 Updaterc3
Linux ≫ Linux Kernel Version2.6.12 Updaterc4
Linux ≫ Linux Kernel Version2.6.12 Updaterc5
Linux ≫ Linux Kernel Version6.19 Updaterc1
Linux ≫ Linux Kernel Version6.19 Updaterc2
Linux ≫ Linux Kernel Version6.19 Updaterc3
Linux ≫ Linux Kernel Version6.19 Updaterc4
Linux ≫ Linux Kernel Version6.19 Updaterc5
Linux ≫ Linux Kernel Version6.19 Updaterc6
Linux ≫ Linux Kernel Version6.19 Updaterc7
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.086 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
https://git.kernel.org/stable/c/a381f0f61b35c8894b0bd0d6acef2d8f9b08b244
https://git.kernel.org/stable/c/f2521ab1f63a8c244f06a080319e5ff9a2e1bd95
https://git.kernel.org/stable/c/2c5829cd8fbbc91568c520b666898f57cdcb8cf6
https://git.kernel.org/stable/c/cbd9931e6456822067725354d83446c5bb813030
https://git.kernel.org/stable/c/9b203b8ddd7359270e8a694d0584743555128e2c
https://git.kernel.org/stable/c/4b71ad7676564a94ec5f7d18298f51e8ae53db73
https://git.kernel.org/stable/c/ab7ad7abb3660c58ffffdf07ff3bb976e7e0afa0
https://cert-portal.siemens.com/productcert/html/ssa-253495.html