SB2026032552 - Out-of-bounds write in Linux kernel squashfs
Published: March 25, 2026
Security Bulletin ID
SB2026032552
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2026-23388)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to an improper input validation in the Squashfs filesystem component when processing a crafted filesystem image. A local user can mount a malicious Squashfs image to cause a general protection fault and crash the system.
Exploitation requires the ability to mount a specially crafted filesystem image, which typically requires user privileges but not root access.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3
- https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713
- https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2
- https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383
- https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c
- https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d