CVE-2026-46078
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel regarding the handling of nameoff pointers for trailing dirents in the EROFS filesystem. The issue arises from incorrect calculations that may lead to reading past the directory block.
Risk Assessment
This vulnerability could lead to unauthorized memory access, posing risks to data integrity and confidentiality within the system. It may also allow attackers to execute malicious code.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed. Additionally, an audit of systems using EROFS should be conducted to identify potential threats.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen() with unchecked nameoffs. If a crafted EROFS has a trailing dirent with nameoff >= maxsize, maxsize - nameoff can underflow, causing strnlen() to read past the directory block. nameoff0 should also be verified to be a multiple of `sizeof(struct erofs_dirent)` as well [1]. [1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com

