CVE-2026-43228

EPSS 0.01%
Veröffentlicht 06.05.2026 11:28:26
Zuletzt bearbeitet 08.05.2026 21:16:13
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

hfs: Replace BUG_ON with error handling for CNID count checks

In the Linux kernel, the following vulnerability has been resolved:

hfs: Replace BUG_ON with error handling for CNID count checks

In a06ec283e125 next_id, folder_count, and file_count in the super block
info were expanded to 64 bits, and BUG_ONs were added to detect
overflow. This triggered an error reported by syzbot: if the MDB is
corrupted, the BUG_ON is triggered. This patch replaces this mechanism
with proper error handling and resolves the syzbot reported bug.

Singed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.18 < 6.19.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.029

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://git.kernel.org/stable/c/b6536c1ced315fa645576d3a39c6e07f2a472962

Patch

https://git.kernel.org/stable/c/b226804532a875c10276168dc55ce752944096bd

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-43228

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43228

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43228

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43228