CVE-2026-43067

EPSS 0.07%
Veröffentlicht 05.05.2026 16:16:15
Zuletzt bearbeitet 08.05.2026 13:16:37
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

ext4: handle wraparound when searching for blocks for indirect mapped blocks

In the Linux kernel, the following vulnerability has been resolved:

ext4: handle wraparound when searching for blocks for indirect mapped blocks

Commit 4865c768b563 ("ext4: always allocate blocks only from groups
inode can use") restricts what blocks will be allocated for indirect
block based files to block numbers that fit within 32-bit block
numbers.

However, when using a review bot running on the latest Gemini LLM to
check this commit when backporting into an LTS based kernel, it raised
this concern:

   If ac->ac_g_ex.fe_group is >= ngroups (for instance, if the goal
   group was populated via stream allocation from s_mb_last_groups),
   then start will be >= ngroups.

   Does this allow allocating blocks beyond the 32-bit limit for
   indirect block mapped files? The commit message mentions that
   ext4_mb_scan_groups_linear() takes care to not select unsupported
   groups. However, its loop uses group = *start, and the very first
   iteration will call ext4_mb_scan_group() with this unsupported
   group because next_linear_group() is only called at the end of the
   iteration.

After reviewing the code paths involved and considering the LLM
review, I determined that this can happen when there is a file system
where some files/directories are extent-mapped and others are
indirect-block mapped.  To address this, add a safety clamp in
ext4_mb_scan_groups().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 9d89b9d55e25cb340c5b4b769876edc551b7a9ff

Version < f89bba144938921a2249237ad04a0183ff3f8930

Status affected

Version 1b0edd6022a3f44ce87fea9959a9310f4628fbea

Version < 83170a05908b6cf2fb3235d3065bf613ff866f3c

Status affected

Version 9eea2f57d11b30049ff996ac3eff6e0dc8089e5f

Version < 4bec4a498ce86314d470ae6144120461f2138c29

Status affected

Version 34c803edc0b3365a42efcf9815acab63b4cf54e0

Version < 12624c5b724a81e14e532972b40d863b0de3b7d1

Status affected

Version 321ed8d559c951e71ad2d2d69a4cf0445644e865

Version < 2a368ccddfc492a0aa951e2caef2985f20e96503

Status affected

Version 4865c768b563deff1b6a6384e74a62f143427b42

Version < bb81702370fad22c06ca12b6e1648754dbc37e0f

Status affected

Version 16fce6b6c0b247258c6c217fce5a48abf50f6964

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 6.1.167

Version < 6.1.168

Status affected

Version 6.6.130

Version < 6.6.134

Status affected

Version 6.12.77

Version < 6.12.80

Status affected

Version 6.18.14

Version < 6.18.21

Status affected

Version 6.19.4

Version < 6.19.11

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.217

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/12624c5b724a81e14e532972b40d863b0de3b7d1

https://git.kernel.org/stable/c/2a368ccddfc492a0aa951e2caef2985f20e96503

https://git.kernel.org/stable/c/4bec4a498ce86314d470ae6144120461f2138c29

https://git.kernel.org/stable/c/83170a05908b6cf2fb3235d3065bf613ff866f3c

https://git.kernel.org/stable/c/bb81702370fad22c06ca12b6e1648754dbc37e0f

https://git.kernel.org/stable/c/f89bba144938921a2249237ad04a0183ff3f8930

https://nvd.nist.gov/vuln/detail/CVE-2026-43067

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43067

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43067

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43067