Improper Check or Handling of Exceptional Conditions in Linux kernel - CVE-2026-43360
Published: May 9, 2026
Vulnerability identifier: #VU130829
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43360
CWE-ID: CWE-703
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper handling of name hash collisions in btrfs directory item insertion when creating files with colliding names. A local user can create multiple specially crafted filenames with the same hash to cause a denial of service.
Successful exploitation aborts the transaction and remounts the filesystem read-only.
How to mitigate CVE-2026-43360
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/0625e564290450c1921b115fc3d9abef74e055bd
- https://git.kernel.org/stable/c/2d1ababdedd4ba38867c2500eb7f95af5ddeeef7
- https://git.kernel.org/stable/c/36947b5200b89bbe3a63629c12d4b31c84c0af9f
- https://git.kernel.org/stable/c/5e2ea10b800d1bbb95e0c01a83f4f8119ac5d688
- https://git.kernel.org/stable/c/64ad49597d14c495ab8b7933bfefc83936a598e4
- https://git.kernel.org/stable/c/9273175bf16c83f3ec93aa242d78c9b5db452d4d