kernel: Linux kernel: Denial of Service in erofs filesystem

A flaw was found in the Linux kernel's erofs filesystem. A remote attacker can exploit this vulnerability without requiring any privileges. This issue occurs when insufficient memory during a memory mapping operation vmmapram in the bio completion path leads to a deadlock, causing a Denial of...

CVE-2026-46329

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability occurs due to improper handling of I/O requests that extend beyond the end of a file-backed filesystem. An attacker could potentially exploit this to read uninitialized memory, leading to information disclosure. This issu...

EUVD-2026-35430

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

CVE-2026-46329

The CVE-2026-46329 entry concerns the erofs filesystem in the Linux kernel. The underlying issue was handling end-of-filesystem conditions for file-backed mounts, where I/O requests beyond the filesystem end should be zeroed (as with loopback devices). The advisory indicates this has been resolve...

PT-2026-47787

In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect...

erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap()

...

CVE-2026-45943

A flaw was found in the Linux kernel's erofs filesystem. This issue occurs when compressed folios for ztailpacking pclusters are not validated before being added to I/O chains. An attacker could potentially trigger a NULL pointer dereference, leading to a system crash and a Denial of Service DoS...

EUVD-2026-32295

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in zerofslz4handleoverlap Some crafted images can have illegal !partialdecoding && mllen out access reads past the decompressedpages array. However, such crafted cases can correctly result in a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: erofs: Avoid infinite loops caused by corrupted subpage compact indexes. Robert reported an infinite loop observed in two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: erofs: Fix for lz4 inplace decompression Currently, EROFS can map another compressed buffer for inplace decompression. This was used to handle cases where some pages of compressed data are not actually in-place I/O. However, like...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: limited the level of fs stacking for file-backed mounts. Otherwise, it could cause potential kernel stack overflows e.g., when mounting EROFS itself...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: erofs: Properly handling overlapped pclusters from crafted images. syzbot reported a task hanging issue due to a deadlock situation where it was waiting for the folio lock of a cached folio that would be used for cache I/Os...

CVE-2026-43179

A flaw was found in the Linux kernel's EROFS filesystem. An attacker could provide a specially crafted EROFS image with metadata compression enabled. This could trigger incorrect early returns within the kernel, leading to folio reference leaks. While this issue does not cause system crashes or...

CVE-2026-43154

A flaw was found in the Linux kernel's EROFS filesystem. Crafted EROFS images containing valid volume labels can trigger incorrect early returns during volume label handling, leading to folio reference leaks. This issue could potentially lead to minor resource exhaustion, but it does not cause...

CVE-2026-43166

In the Linux kernel, the following vulnerability has been resolved: erofs: fix interlaced plain identification for encoded extents Only plain data whose start position and on-disk physical length are both aligned to the block size should be classified as interlaced plain extents. Otherwise, it mu...

erofs: add GFP_NOIO in the bio completion if needed

...

CVE-2026-31514

A flaw was found in the Linux kernel's erofs filesystem component. When an input/output I/O request for a file-backed mount is interrupted by a SIGKILL signal, the system incorrectly marks unused data blocks as up-to-date. This can lead to data integrity issues or the potential disclosure of stal...

CVE-2026-31467

In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...

CVE-2026-23224

In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option 9.269940 T3222 Call trace: 9.269948 T3222 ext4filereaditer+0xac/0x108 9.269979 T3222 vfsiocbiterread+0xac/0x198 9.269993 T3222 erofsfileiorqsubmit+0x12c/0x180 9.27000...

kernel: Linux kernel erofs: Use-After-Free due to device type mismatch

A flaw was found in the Linux kernel's erofs filesystem. A local attacker could exploit a use-after-free UAF vulnerability by mounting an erofs filesystem with a specific configuration where the primary and extra devices have mismatched types. This improper handling of device initialization error...