{"id":58491,"date":"2026-05-30T07:58:30","date_gmt":"2026-05-30T07:58:30","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=58491"},"modified":"2026-05-30T07:58:30","modified_gmt":"2026-05-30T07:58:30","slug":"isofs-validate-block-number-from-nfs-file-handle-in-isofsexportiget","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=58491","title":{"rendered":"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124"},"content":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nisofs: validate block number from NFS file handle in isofs_export_iget\\n\\nisofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-\\ncontrolled block number (ifid-\\u003eblock or ifid-\\u003eparent_block) from\\nthe NFS file handle to isofs_export_iget(), which only rejects\\nblock == 0 before calling isofs_iget() and ultimately sb_bread().\\nA crafted file handle with fh_len sufficient to pass the check\\nadded by commit 0405d4b63d08 (\\”isofs: Prevent the use of too small\\nfid\\”) can still drive the server to read any in-range block on the\\nbacking device as if it were an iso_directory_record. That earlier\\nfix was assigned CVE-2025-37780.\\n\\nsb_bread() on an out-of-range block returns NULL cleanly via the\\nEIO path, so there is no memory-safety violation. For in-range\\nreads of adjacent-partition data on the same block device, the\\nunrelated bytes end up in iso_inode_info fields that reach the NFS\\nclient as dentry metadata. The deployment surface (isofs exported\\nover NFS from loop-mounted images) is narrow and requires an\\nauthenticated NFS peer, but the malformed-file-handle class is\\nreportable as hardening next to the existing CVE-2025-37780 fix.\\n\\nReject block \\u003e= ISOFS_SB(sb)-\\u003es_nzones in isofs_export_iget() so\\nthe check covers both isofs_fh_to_dentry() and isofs_fh_to_parent()\\ncall sites with a single line.”,”published”:”2026-05-28T09:35:38.887Z”,”modified”:”2026-05-30T10:48:03.773Z”,”type”:”cve”,”title”:”isofs: validate block number from NFS file handle in isofs_export_iget”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/bb0988ed4f2e26d59bbb58f644cb3a55b7521e21\\nhttps:\/\/git.kernel.org\/stable\/c\/0a1af74ae2177bda3aee0837a0546309aa539d0d\\nhttps:\/\/git.kernel.org\/stable\/c\/afbafeddf23db13fe2edb2d5c0bf4bbb13d7881b\\nhttps:\/\/git.kernel.org\/stable\/c\/4c721a1d9b3c4fcaf59cc9b2281e3ec5a043e1a6\\nhttps:\/\/git.kernel.org\/stable\/c\/24376458138387fb251e782e624c7776e9826796″,”id”:”CVE-2026-46124″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux 952e7a7e317f126d0a2b879fc531b716932d5ffa\\nLinux Linux 56dfffea9fd3be0b3795a9ca6401e133a8427e0b\\nLinux Linux 0405d4b63d082861f4eaff9d39c78ee9dc34f845\\nLinux Linux 0405d4b63d082861f4eaff9d39c78ee9dc34f845\\nLinux Linux 0405d4b63d082861f4eaff9d39c78ee9dc34f845\\nLinux Linux ee01a309ebf598be1ff8174901ed6e91619f1749\\nLinux Linux 5e7de55602c61c8ff28db075cc49c8dd6989d7e0\\nLinux Linux 63d5a3e207bf315a32c7d16de6c89753a759f95a\\nLinux Linux 0fdafdaef796816a9ed0fd7ac812932d569d9beb\\nLinux Linux 007124c896e7d4614ac1f6bd4dedb975c35a2a8e\\nLinux Linux 6.6.88\\nLinux Linux 6.12.25\\nLinux Linux 5.4.293\\nLinux Linux 5.10.237\\nLinux Linux 5.15.181\\nLinux Linux 6.1.135\\nLinux Linux 6.14.4\\nLinux Linux 6.15″,”sourceHref”:””,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”952e7a7e317f126d0a2b879fc531b716932d5ffa”,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nisofs: validate block number from NFS file handle in isofs_export_iget\\n\\nisofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-\\ncontrolled block…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,16,12,15,13,7,11,5],"class_list":["post-58491","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nisofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=58491\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnisofs: validate block number from NFS file handle in isofs_export_igetnnisofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-ncontrolled block...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=58491\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-30T07:58:30+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124\",\"datePublished\":\"2026-05-30T07:58:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491\"},\"wordCount\":594,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.5\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=58491#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491\",\"name\":\"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-30T07:58:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=58491\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58491#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=58491","og_locale":"en_US","og_type":"article","og_title":"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124 - zero redgem","og_description":"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnisofs: validate block number from NFS file handle in isofs_export_igetnnisofs_fh_to_dentry() and isofs_fh_to_parent() pass an attacker-ncontrolled block...","og_url":"https:\/\/zero.redgem.net\/?p=58491","og_site_name":"zero redgem","article_published_time":"2026-05-30T07:58:30+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=58491#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=58491"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124","datePublished":"2026-05-30T07:58:30+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=58491"},"wordCount":594,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.5","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=58491#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=58491","url":"https:\/\/zero.redgem.net\/?p=58491","name":"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-30T07:58:30+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=58491#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=58491"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=58491#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"isofs: validate block number from NFS file handle in isofs_export_iget_CVE-2026-46124"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/58491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58491"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/58491\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58491"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58491"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}