CVE Catalog

CVE-2026-46078

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel regarding the handling of nameoff pointers for trailing dirents in the EROFS filesystem. The issue arises from incorrect calculations that may lead to reading past the directory block.

Risk Assessment

This vulnerability could lead to unauthorized memory access, posing risks to data integrity and confidentiality within the system. It may also allow attackers to execute malicious code.

Recommendation

It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed. Additionally, an audit of systems using EROFS should be conducted to identify potential threats.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen() with unchecked nameoffs. If a crafted EROFS has a trailing dirent with nameoff >= maxsize, maxsize - nameoff can underflow, causing strnlen() to read past the directory block. nameoff0 should also be verified to be a multiple of `sizeof(struct erofs_dirent)` as well [1]. [1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com

Vulnerability data from NVD (NIST) · CISA KEV · EPSS