CVE-2026-43179

MEDIUM

erofs: fix incorrect early exits for invalid metabox-enabled images

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits for invalid metabox-enabled images Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system crashes or other severe issues.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/041b5163bb9b2e81050bcd885b3373bf2f42d5f5

https://git.kernel.org/stable/c/56e4a84220045b6af0f1efc11825b39217c7decf

https://git.kernel.org/stable/c/643575d5a4f24b23b0c54aa20aa74a4abed8ff5e

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (9)

Linux/Linux < 6.17

Linux/Linux 414091322c6363c9283aeb177101e4d7a3819ccd - 041b5163bb9b2e81050bcd885b3373bf2f42d5f5

Linux/Linux 414091322c6363c9283aeb177101e4d7a3819ccd - 56e4a84220045b6af0f1efc11825b39217c7decf

Linux/Linux 414091322c6363c9283aeb177101e4d7a3819ccd - 643575d5a4f24b23b0c54aa20aa74a4abed8ff5e

Linux/Linux 6.17

Linux/Linux 6.18.16 - 6.18.*

Linux/Linux 6.19.6 - 6.19.*

Linux/Linux 7.0

linux/linux_kernel 6.17 - 6.18.16

Published May 06, 2026

Tracked Since May 06, 2026