{"id":52413,"date":"2026-05-08T08:45:18","date_gmt":"2026-05-08T08:45:18","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=52413"},"modified":"2026-05-08T08:45:18","modified_gmt":"2026-05-08T08:45:18","slug":"xfs-delete-attr-leaf-freemap-entries-when-empty","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=52413","title":{"rendered":"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187"},"content":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nxfs: delete attr leaf freemap entries when empty\\n\\nBack in commit 2a2b5932db6758 (\\”xfs: fix attr leaf header freemap.size\\nunderflow\\”), Brian Foster observed that it’s possible for a small\\nfreemap at the end of the end of the xattr entries array to experience\\na size underflow when subtracting the space consumed by an expansion of\\nthe entries array. There are only three freemap entries, which means\\nthat it is not a complete index of all free space in the leaf block.\\n\\nThis code can leave behind a zero-length freemap entry with a nonzero\\nbase. Subsequent setxattr operations can increase the base up to the\\npoint that it overlaps with another freemap entry. This isn’t in and of\\nitself a problem because the code in _leaf_add that finds free space\\nignores any freemap entry with zero size.\\n\\nHowever, there’s another bug in the freemap update code in _leaf_add,\\nwhich is that it fails to update a freemap entry that begins midway\\nthrough the xattr entry that was just appended to the array. That can\\nresult in the freemap containing two entries with the same base but\\ndifferent sizes (0 for the \\”pushed-up\\” entry, nonzero for the entry\\nthat’s actually tracking free space). A subsequent _leaf_add can then\\nallocate xattr namevalue entries on top of the entries array, leading to\\ndata loss. But fixing that is for later.\\n\\nFor now, eliminate the possibility of confusion by zeroing out the base\\nof any freemap entry that has zero size. Because the freemap is not\\nintended to be a complete index of free space, a subsequent failure to\\nfind any free space for a new xattr will trigger block compaction, which\\nregenerates the freemap.\\n\\nIt looks like this bug has been in the codebase for quite a long time.”,”published”:”2026-05-06T11:27:57.727Z”,”modified”:”2026-05-08T12:41:05.734Z”,”type”:”cve”,”title”:”xfs: delete attr leaf freemap entries when empty”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/f3c0d1fc1eadbb4adbee5ab7757d41d35f48325b\\nhttps:\/\/git.kernel.org\/stable\/c\/aa9083d97e2157da3c6fb45ddb1a97af7f188f7f\\nhttps:\/\/git.kernel.org\/stable\/c\/a631899025d47ea1aa6464d76db5b4d3b6d196fd\\nhttps:\/\/git.kernel.org\/stable\/c\/ffaf5c99d0f862db021fb1af8b813c1416b1beb2\\nhttps:\/\/git.kernel.org\/stable\/c\/e1b8c6452ee99a30e188a88f3f3f804fb1c6004a\\nhttps:\/\/git.kernel.org\/stable\/c\/f31a8334e1c54b126fcecf98645a49b6bc5ad399\\nhttps:\/\/git.kernel.org\/stable\/c\/479b05fc3ee272090f671b06a41f3da8aa78eece\\nhttps:\/\/git.kernel.org\/stable\/c\/6f13c1d2a6271c2e73226864a0e83de2770b6f34″,”id”:”CVE-2026-43187″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\\nLinux Linux 2.6.12″,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”1da177e4c3f41524e886b7f1b8a0c1fc7321cac2″,”vendor”:”Linux”,”ai_description”:”AI processing failed – invalid JSON response”,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nxfs: delete attr leaf freemap entries when empty\\n\\nBack in commit 2a2b5932db6758 (\\”xfs: fix attr leaf header…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,41,12,15,13,7,11,5],"class_list":["post-52413","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nxfs: delete attr leaf freemap entries when empty_CVE-2026-43187 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=52413\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnxfs: delete attr leaf freemap entries when emptynnBack in commit 2a2b5932db6758 (”xfs: fix attr leaf header...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=52413\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-08T08:45:18+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187\",\"datePublished\":\"2026-05-08T08:45:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413\"},\"wordCount\":708,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.8\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=52413#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413\",\"name\":\"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-08T08:45:18+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=52413\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52413#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=52413","og_locale":"en_US","og_type":"article","og_title":"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187 - zero redgem","og_description":"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnxfs: delete attr leaf freemap entries when emptynnBack in commit 2a2b5932db6758 (”xfs: fix attr leaf header...","og_url":"https:\/\/zero.redgem.net\/?p=52413","og_site_name":"zero redgem","article_published_time":"2026-05-08T08:45:18+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=52413#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=52413"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187","datePublished":"2026-05-08T08:45:18+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=52413"},"wordCount":708,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.8","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=52413#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=52413","url":"https:\/\/zero.redgem.net\/?p=52413","name":"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-08T08:45:18+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=52413#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=52413"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=52413#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"xfs: delete attr leaf freemap entries when empty_CVE-2026-43187"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/52413","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52413"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/52413\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52413"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52413"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52413"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}