SB20260507191 - Improper control of a resource through its lifetime in Linux kernel xfs libxfs
Published: May 7, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-43158)
CWE-ID: CWE-664 - Improper control of a resource through its lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper state management in the xfs extended attribute leaf block freemap adjustment code when adding extended attributes to leaf blocks. A local user can set a crafted extended attribute to cause a denial of service.
The issue can corrupt free space accounting so that the name area overlaps the end of the entries array, triggering an assertion and shutting down the filesystem.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/24ce71852f2cee6581e2cbebc15489ed52bf63b7
- https://git.kernel.org/stable/c/38613c01f69e1e77e6b8acab1e8ac665d01c2f15
- https://git.kernel.org/stable/c/3eefc0c2b78444b64feeb3783c017d6adc3cd3ce
- https://git.kernel.org/stable/c/43f3b18679615a93bd848afde3602ba160637a46
- https://git.kernel.org/stable/c/6a8737afbccc340e718e0b22577312826390be8b
- https://git.kernel.org/stable/c/a396b3d73d51355e50acdb403ba9c4cae4c1174e
- https://git.kernel.org/stable/c/d08976725355b9d54d8332fce223fa281cc304a5
- https://git.kernel.org/stable/c/ef42a8766ff3fdf51cf72fb36d0859c09d134478