7.1

CVE-2026-43166

erofs: fix interlaced plain identification for encoded extents

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix interlaced plain identification for encoded extents

Only plain data whose start position and on-disk physical length are
both aligned to the block size should be classified as interlaced
plain extents. Otherwise, it must be treated as shifted plain extents.

This issue was found by syzbot using a crafted compressed image
containing plain extents with unaligned physical lengths, which can
cause OOB read in z_erofs_transform_plain().
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.15 < 6.18.16
LinuxLinux Kernel Version >= 6.19 < 6.19.6
LinuxLinux Kernel Version7.0 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.03
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/9d5a97bc71ed5783687705c708454c4453aa91d1
Patch
https://git.kernel.org/stable/c/d3790f26d38606f020212486359b84632c19d08b
Patch
https://git.kernel.org/stable/c/4a2d046e4b13202a6301a993961f5b30ae4d7119
Patch