Always-Incorrect Control Flow Implementation in Linux kernel - CVE-2026-43273
Published: May 7, 2026
Vulnerability identifier: #VU130432
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43273
CWE-ID: CWE-670
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause data inconsistencies in snapshots.
The vulnerability exists due to improper context handling in ceph_zero_partial_object() when performing OSD write operations for partial object zeroing. A local user can modify a file and access its snapshot to cause data inconsistencies in snapshots.
Exploitation requires access to a CephFS mount and interaction with snapshot functionality.
How to mitigate CVE-2026-43273
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/36673344b41c31fb502dd0d0113cec1aa96f581e
- https://git.kernel.org/stable/c/4097e70fc543cca72982854108a32f6ae924e727
- https://git.kernel.org/stable/c/531a76c5a2e44264cee8a70121e63eb28c1ba728
- https://git.kernel.org/stable/c/5788b742007f53406049bef917833a71ddd43f60
- https://git.kernel.org/stable/c/69e59a87bab0ea31ab2a584fc65e12dafacf8953
- https://git.kernel.org/stable/c/757873abfc8ea38592582180aed0f57f0f0cb07a
- https://git.kernel.org/stable/c/9efa154609cdb658f51c7d76b30a09f7e6485250
- https://git.kernel.org/stable/c/f16bd3fa74a2084ee7e16a8a2be7e7399b970907