7.1

CVE-2026-46078

erofs: fix the out-of-bounds nameoff handling for trailing dirents

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix the out-of-bounds nameoff handling for trailing dirents

Currently we already have boundary-checks for nameoffs, but the trailing
dirents are special since the namelens are calculated with strnlen()
with unchecked nameoffs.

If a crafted EROFS has a trailing dirent with nameoff >= maxsize,
maxsize - nameoff can underflow, causing strnlen() to read past the
directory block.

nameoff0 should also be verified to be a multiple of
`sizeof(struct erofs_dirent)` as well [1].

[1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 4.19 < 5.10.259
LinuxLinux Kernel Version >= 5.11 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.175
LinuxLinux Kernel Version >= 6.2 < 6.6.140
LinuxLinux Kernel Version >= 6.7 < 6.12.86
LinuxLinux Kernel Version >= 6.13 < 6.18.27
LinuxLinux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.03
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.1 1.8 5.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://git.kernel.org/stable/c/222055e6b4063abd2d9e13c3d49bbd1724c50789
Patch
https://git.kernel.org/stable/c/48b27a955d22391c7f30169fa7b6b2e1977f1ce4
Patch
https://git.kernel.org/stable/c/8ebb951a284b7446e025afc7dc5e9516ef9a7214
Patch
https://git.kernel.org/stable/c/1d55445226c75ddd4e78b09b3e7d99109b28c366
Patch
https://git.kernel.org/stable/c/d18a3b5d337fa412a38e776e6b4b857a58836575
Patch
https://git.kernel.org/stable/c/80a23c6d1aba35be8746d74ac14e6ba5ae46da21
Patch
https://git.kernel.org/stable/c/a8ee527807f7d97e55ce2ef2906f7f34975eb1c7
Patch
https://git.kernel.org/stable/c/aa16dca1b062355181ef215229eeac249d7c0d61
Patch