erofs: fix interlaced plain identification for encoded extents_CVE-2026-43166

7.1 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix interlaced plain identification for encoded extents

Only plain data whose start position and on-disk physical length are
both aligned to the block size should be classified as interlaced
plain extents. Otherwise, it must be treated as shifted plain extents.

This issue was found by syzbot using a crafted compressed image
containing plain extents with unaligned physical lengths, which can
cause OOB read in z_erofs_transform_plain().

Basic Information

ID CVE-2026-43166

Source Linux

Published May 6, 2026 at 11:27

Modified May 8, 2026 at 12:40

Affected Product

Vendor Linux

Product Linux

Version 1d191b4ca51d73699cb127386b95ac152af2b930

Affected Versions Linux Linux 1d191b4ca51d73699cb127386b95ac152af2b930
Linux Linux 1d191b4ca51d73699cb127386b95ac152af2b930
Linux Linux 1d191b4ca51d73699cb127386b95ac152af2b930
Linux Linux 6.15

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix interlaced plain identification for encoded extents\n\nOnly plain data whose start position and on-disk physical length are\nboth aligned to the block size should be classified as interlaced\nplain extents. Otherwise, it must be treated as shifted plain extents.\n\nThis issue was found by syzbot using a crafted compressed image\ncontaining plain extents with unaligned physical lengths, which can\ncause OOB read in z_erofs_transform_plain().",
    "published": "2026-05-06T11:27:43.242Z",
    "modified": "2026-05-08T12:40:56.151Z",
    "type": "cve",
    "title": "erofs: fix interlaced plain identification for encoded extents",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/9d5a97bc71ed5783687705c708454c4453aa91d1\nhttps://git.kernel.org/stable/c/d3790f26d38606f020212486359b84632c19d08b\nhttps://git.kernel.org/stable/c/4a2d046e4b13202a6301a993961f5b30ae4d7119",
    "id": "CVE-2026-43166",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 1d191b4ca51d73699cb127386b95ac152af2b930\nLinux Linux 1d191b4ca51d73699cb127386b95ac152af2b930\nLinux Linux 1d191b4ca51d73699cb127386b95ac152af2b930\nLinux Linux 6.15",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "1d191b4ca51d73699cb127386b95ac152af2b930",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply