CVE-2026-55392
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
NILFS utilities up to version 2.3.0 have a validation issue with the s_log_block_size field in the NILFS2 superblock in the nilfs_sb_is_valid() function. Attackers can supply crafted NILFS2 images, leading to undefined behavior and crashes of tools like nilfs-tune and dumpseg.
Risk Assessment
Exploitation of this vulnerability may lead to critical tool crashes, disrupting NILFS2 file system management operations within the organization.
Recommendation
It is recommended to upgrade to NILFS utilities version above 2.3.0 to mitigate this vulnerability and to monitor systems for unauthorized NILFS2 images.
Original NVD description (English source)
NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.

