CVE-2026-43063

HIGH

xfs: don't irele after failing to iget in xfs_attri_recover_work

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that.

References (4)

Core 4

Core References

https://git.kernel.org/stable/c/b5c5a50c2f513d4a13a6763564a07b470e69cc5a

https://git.kernel.org/stable/c/a1a5df1038f0b3c560d204270373621a4e622808

https://git.kernel.org/stable/c/40082d08b638485cbaa543dc8087a3d1844d6f08

https://git.kernel.org/stable/c/70685c291ef82269180758130394ecdc4496b52c

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (10)

Linux/Linux < 6.10

Linux/Linux 6.10

Linux/Linux 6.12.80 - 6.12.*

Linux/Linux 6.18.21 - 6.18.*

Linux/Linux 6.19.11 - 6.19.*

Linux/Linux 7.0

Linux/Linux ae673f534a30976ce5e709c4535a59c12b786ef3 - 40082d08b638485cbaa543dc8087a3d1844d6f08

Linux/Linux ae673f534a30976ce5e709c4535a59c12b786ef3 - 70685c291ef82269180758130394ecdc4496b52c

Linux/Linux ae673f534a30976ce5e709c4535a59c12b786ef3 - a1a5df1038f0b3c560d204270373621a4e622808

Linux/Linux ae673f534a30976ce5e709c4535a59c12b786ef3 - b5c5a50c2f513d4a13a6763564a07b470e69cc5a

Published May 05, 2026

Tracked Since May 05, 2026