SB20260507191 - Improper control of a resource through its lifetime in Linux kernel xfs libxfs



SB20260507191 - Improper control of a resource through its lifetime in Linux kernel xfs libxfs

Published: May 7, 2026

Security Bulletin ID SB20260507191
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-43158)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper state management in the xfs extended attribute leaf block freemap adjustment code when adding extended attributes to leaf blocks. A local user can set a crafted extended attribute to cause a denial of service.

The issue can corrupt free space accounting so that the name area overlaps the end of the entries array, triggering an assertion and shutting down the filesystem.


Remediation

Install update from vendor's website.