Skip to main content

Linux Kernel CVE-2026-43063

| EUVDEUVD-2026-27359 HIGH
2026-05-05 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 15:46 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.8 (HIGH)
Patch available
May 05, 2026 - 17:01 EUVD
CVE Published
May 05, 2026 - 15:23 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

xfs: don't irele after failing to iget in xfs_attri_recover_work

xlog_recovery_iget* never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that.

AnalysisAI

Use-after-free in XFS filesystem recovery code allows local attackers with user interaction to achieve high-severity impacts including potential code execution, data corruption, or denial of service. The vulnerability stems from incorrect error handling in xfs_attri_recover_work() where the code attempts to release an inode pointer that was never successfully allocated, causing a dereference of uninitialized memory. Patches are available across multiple kernel versions (6.12.80, 6.18.21, 6.19.11, 7.0), and EPSS score of 0.02% (5th percentile) indicates low observed exploitation probability with no public exploit identified at time of analysis.

Technical ContextAI

This vulnerability affects the XFS filesystem's extended attribute recovery subsystem within the Linux kernel transaction log replay mechanism. During filesystem recovery operations, the xlog_recovery_iget* family of functions is called to retrieve inode structures. The bug occurs in xfs_attri_recover_work() where error handling logic incorrectly assumes the inode pointer is valid even when xlog_recovery_iget* returns an error. In C programming, attempting to dereference or release (irele) a pointer that was never initialized or points to freed memory constitutes a use-after-free or uninitialized pointer dereference. This class of memory safety bug can lead to undefined behavior including crashes, information disclosure through kernel memory leaks, or potential privilege escalation if an attacker can control the memory region being accessed. The vulnerability was introduced in commit ae673f534a30 and affects XFS code paths specifically triggered during journal recovery after unclean filesystem unmounts or system crashes.

RemediationAI

Apply vendor-released kernel updates immediately: upgrade to Linux kernel 6.12.80 or later for the 6.12.x branch, 6.18.21 or later for 6.18.x, 6.19.11 or later for 6.19.x, or version 7.0 or later for mainline kernels. Upstream fixes are available in commits b5c5a50c2f513d4a13a6763564a07b470e69cc5a, a1a5df1038f0b3c560d204270373621a4e622808, 40082d08b638485cbaa543dc8087a3d1844d6f08, and 70685c291ef82269180758130394ecdc4496b52c from git.kernel.org/stable. Distribution-specific updates should be obtained through your vendor's normal patch channels (Red Hat, Ubuntu, SUSE, Debian). If immediate patching is not feasible, implement compensating controls: restrict mounting of XFS filesystems to trusted sources only by removing user mount permissions in /etc/fstab and disabling automount for removable media via udev rules or systemd-mount policies; disable XFS kernel module loading using 'install xfs /bin/true' in /etc/modprobe.d/ if XFS is not operationally required (note this prevents all XFS filesystem access and will break systems with XFS root filesystems); implement mandatory access control policies (SELinux, AppArmor) to restrict which users and processes can invoke mount operations. These mitigations reduce attack surface but do not eliminate the vulnerability-patching remains the only complete remediation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43063 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy