CVE Catalog

CVE-2026-46329

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel, the EROFS filesystem for file-backed mounts has a vulnerability where I/O requests beyond the end of the filesystem are not properly zeroed out. This could lead to data disclosure or unexpected behavior.

Risk Assessment

The organization is at risk of potential memory data leakage or system instability during read/write operations on mounted EROFS images.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix for CVE-2026-46329 and monitor EROFS filesystems for abnormal I/O operations.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS