CVE-2026-23388

HIGH

Squashfs: check metadata block offset is within range

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset. This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access. The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.

References (8)

Core 8

Core References

https://git.kernel.org/stable/c/60f679f643f3f36a8571ea585e4ce5d93ef952b5

https://git.kernel.org/stable/c/3f68a9457a6190814377577374da75f872e0a013

https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713

https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383

https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c

https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3

https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2

https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d

Scores

CVSS v3 7.1

EPSS 0.0001

EPSS Percentile 3.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-125

Status published

Products (27)

linux/Kernel 2.6.29 - 6.1.167linux

linux/Kernel 6.13.0 - 6.18.17linux

linux/Kernel 6.19.0 - 6.19.7linux

linux/Kernel 6.2.0 - 6.6.130linux

linux/Kernel 6.7.0 - 6.12.77linux

Linux/Linux < 2.6.29

Linux/Linux 2.6.29

Linux/Linux 5.10.253 - 5.10.*

Linux/Linux 5.15.203 - 5.15.*

Linux/Linux 6.1.167 - 6.1.*

... and 17 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026