CVE-2026-46329
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk5th percentile - higher than 5% of all known CVEs
Summary
In the Linux kernel, the EROFS filesystem for file-backed mounts has a vulnerability where I/O requests beyond the end of the filesystem are not properly zeroed out. This could lead to data disclosure or unexpected behavior.
Risk Assessment
The organization is at risk of potential memory data leakage or system instability during read/write operations on mounted EROFS images.
Recommendation
It is recommended to immediately update the Linux kernel to a version containing the fix for CVE-2026-46329 and monitor EROFS filesystems for abnormal I/O operations.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect.

