7.1

CVE-2026-43166

EPSS 0.01%
Veröffentlicht 06.05.2026 11:27:43
Zuletzt bearbeitet 13.05.2026 21:18:46
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

erofs: fix interlaced plain identification for encoded extents

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix interlaced plain identification for encoded extents

Only plain data whose start position and on-disk physical length are
both aligned to the block size should be classified as interlaced
plain extents. Otherwise, it must be treated as shifted plain extents.

This issue was found by syzbot using a crafted compressed image
containing plain extents with unaligned physical lengths, which can
cause OOB read in z_erofs_transform_plain().

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 3 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.15 < 6.18.16

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.6

Linux ≫ Linux Kernel Version7.0 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.02

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/9d5a97bc71ed5783687705c708454c4453aa91d1

Patch

https://git.kernel.org/stable/c/d3790f26d38606f020212486359b84632c19d08b

Patch

https://git.kernel.org/stable/c/4a2d046e4b13202a6301a993961f5b30ae4d7119

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-43166

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43166

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43166

EUVD