7.5

CVE-2026-46124

isofs: validate block number from NFS file handle in isofs_export_iget

In the Linux kernel, the following vulnerability has been resolved:

isofs: validate block number from NFS file handle in isofs_export_iget

isofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-
controlled block number (ifid->block or ifid->parent_block) from
the NFS file handle to isofs_export_iget(), which only rejects
block == 0 before calling isofs_iget() and ultimately sb_bread().
A crafted file handle with fh_len sufficient to pass the check
added by commit 0405d4b63d08 ("isofs: Prevent the use of too small
fid") can still drive the server to read any in-range block on the
backing device as if it were an iso_directory_record.  That earlier
fix was assigned CVE-2025-37780.

sb_bread() on an out-of-range block returns NULL cleanly via the
EIO path, so there is no memory-safety violation.  For in-range
reads of adjacent-partition data on the same block device, the
unrelated bytes end up in iso_inode_info fields that reach the NFS
client as dentry metadata.  The deployment surface (isofs exported
over NFS from loop-mounted images) is narrow and requires an
authenticated NFS peer, but the malformed-file-handle class is
reportable as hardening next to the existing CVE-2025-37780 fix.

Reject block >= ISOFS_SB(sb)->s_nzones in isofs_export_iget() so
the check covers both isofs_fh_to_dentry() and isofs_fh_to_parent()
call sites with a single line.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.4.293 < 5.5
LinuxLinux Kernel Version >= 5.10.237 < 5.10.258
LinuxLinux Kernel Version >= 5.15.181 < 5.15.209
LinuxLinux Kernel Version >= 6.1.135 < 6.1.175
LinuxLinux Kernel Version >= 6.6.88 < 6.6.140
LinuxLinux Kernel Version >= 6.12.25 < 6.12.88
LinuxLinux Kernel Version >= 6.14.4 < 6.15
LinuxLinux Kernel Version >= 6.15.1 < 6.18.30
LinuxLinux Kernel Version >= 6.19 < 7.0.7
LinuxLinux Kernel Version6.15 Update-
LinuxLinux Kernel Version6.15 Updaterc3
LinuxLinux Kernel Version6.15 Updaterc4
LinuxLinux Kernel Version6.15 Updaterc5
LinuxLinux Kernel Version6.15 Updaterc6
LinuxLinux Kernel Version6.15 Updaterc7
LinuxLinux Kernel Version7.1 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.338
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/bb0988ed4f2e26d59bbb58f644cb3a55b7521e21
Patch
https://git.kernel.org/stable/c/0a1af74ae2177bda3aee0837a0546309aa539d0d
Patch
https://git.kernel.org/stable/c/afbafeddf23db13fe2edb2d5c0bf4bbb13d7881b
Patch
https://git.kernel.org/stable/c/4c721a1d9b3c4fcaf59cc9b2281e3ec5a043e1a6
Patch
https://git.kernel.org/stable/c/24376458138387fb251e782e624c7776e9826796
Patch
https://git.kernel.org/stable/c/31dbb4ba0f719ae7774e4c0c95172c9bf81692f5
Patch
https://git.kernel.org/stable/c/908a76f0b1038035e6ebb4f2293ce079f92e0a02
Patch
https://git.kernel.org/stable/c/ee0024f5a7e3c73aa253869fae9650ae054093ca
Patch