CVE Catalog

CVE-2026-43067

Critical
Published: Translated: NVD NIST

Summary

A vulnerability in the Linux kernel related to the ext4 filesystem has been resolved, concerning the handling of wraparound when searching for blocks for indirect mapped files. A code change restricts block allocation to numbers fitting within 32-bit block numbers.

Risk Assessment

The vulnerability may allow block allocation beyond the 32-bit limit, posing risks of data corruption or unexpected filesystem behavior. Organizations should be aware of potential data integrity issues.

Recommendation

It is recommended to update the Linux kernel to the latest version that includes fixes for this vulnerability. Additionally, monitor systems for unauthorized block allocations.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks only from groups inode can use") restricts what blocks will be allocated for indirect block based files to block numbers that fit within 32-bit block numbers. However, when using a review bot running on the latest Gemini LLM to check this commit when backporting into an LTS based kernel, it raised this concern: If ac->ac_g_ex.fe_group is >= ngroups (for instance, if the goal group was populated via stream allocation from s_mb_last_groups), then start will be >= ngroups. Does this allow allocating blocks beyond the 32-bit limit for indirect block mapped files? The commit message mentions that ext4_mb_scan_groups_linear() takes care to not select unsupported groups. However, its loop uses group = *start, and the very first iteration will call ext4_mb_scan_group() wit

Vulnerability data from NVD (NIST) · CISA KEV · EPSS