
NILFS Utils CVE-2026-55392

EUVD: EUVD-2026-37927 · MEDIUM
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-06-18 VulnCheck GHSA-f559-vgh2-9hj6
6.7
CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck), primary: 6.7 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 5.5 MEDIUM

Local attack vector and required user interaction (run tool on crafted image); no privileges needed; crash-only impact with no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE: MEDIUM (qualitative)
Red Hat: 5.5 MEDIUM (qualitative)

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Active (A)
Scope: X (not defined)

Lifecycle Timeline

Source Code Evidence Fetched: Jun 18, 2026, 19:01 (vuln.today)
Analysis Generated: Jun 18, 2026, 19:01 (vuln.today)

Description (CVE.org)

In NILFS utilities through 2.3.0 (fixed in commit 26efb5d), the nilfs_sb_is_valid() function fails to validate the s_log_block_size field in the NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images can trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools such as nilfs-tune and dumpseg.

Analysis (AI)

NILFS utilities (nilfs-utils) through version 2.3.0 crash when processing crafted NILFS2 filesystem images due to missing bounds validation on the s_log_block_size superblock field before performing bit-shift operations. Tools including nilfs-tune and dumpseg are affected: an attacker who can persuade a user to process a malicious image can trigger undefined behavior - either oversized shift operations or out-of-memory conditions - resulting in a denial of service via tool crash. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Craft NILFS2 image with oversized s_log_block_size
Delivery: Deliver malicious image to target user
Exploit: User runs nilfs-tune or dumpseg on image
Execution: Unvalidated shift/allocation triggers undefined behavior
Impact: Tool crashes (DoS)

Vulnerability Assessment (AI)

Exploitation: Exploitation requires a user to actively run a NILFS utility (specifically nilfs-tune or dumpseg) against an attacker-controlled NILFS2 filesystem image containing a crafted superblock with s_log_block_size set to a value greater than 6. …
Risk Assessment: The CVSS 4.0 base score of 6.7 is appropriate and well-supported by the vector (AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N). …
Exploit Scenario: An attacker crafts a NILFS2 filesystem image containing a superblock with an s_log_block_size value far exceeding the valid maximum of 6 and delivers it to a target through a phishing email, file share, or malicious download. When the victim runs nilfs-tune or dumpseg against the image - for instance, during a forensic investigation, filesystem audit, or routine administration task - the unvalidated field is used in a bit-shift or allocation calculation, triggering undefined behavior that crashes the tool. …
Remediation: Apply the upstream fix available at commit 26efb5daff0757365101035145331b0a5a85d9d9 (https://github.com/nilfs-dev/nilfs-utils/commit/26efb5daff0757365101035145331b0a5a85d9d9), which adds a one-line bounds check - rejecting any superblock where s_log_block_size exceeds 6 - to nilfs_sb_is_valid() in lib/sb.c. …
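As an added illustration (not nilfs-utils code), the kind of bounds check described above, applied to a constructed s_log_block_size field before the shift that derives the block size. The helper names and the minimal little-endian reader are assumptions; the limit of 6 and the 1024-byte minimum block come from the advisory and the NILFS2 on-disk format.

```c
/* Added example (not nilfs-utils code): bounds-checking the superblock
 * s_log_block_size field before it drives a shift or an allocation.
 * Constants, helper names and sample bytes are constructed for illustration. */
#include <stdint.h>
#include <stddef.h>

#define NILFS_MIN_BLOCK_SIZE     1024u  /* block size = 1024 << s_log_block_size */
#define NILFS_MAX_LOG_BLOCK_SIZE 6u     /* 1024 << 6 = 65536, largest legal block */

/* Read the field as a tool would from an image buffer: little-endian,
 * and not trusted until it has been range-checked. */
static int sb_read_log_block_size(const uint8_t *raw, size_t len, uint32_t *out)
{
    if (len < 4)
        return 0;
    *out = (uint32_t)raw[0] | ((uint32_t)raw[1] << 8) |
           ((uint32_t)raw[2] << 16) | ((uint32_t)raw[3] << 24);
    return 1;
}

/* Hardened check in the spirit of the upstream fix: reject any superblock
 * whose s_log_block_size exceeds 6. Without it, "1024u << value" is
 * undefined behaviour once value reaches 32, and values from 7 to 31 yield
 * oversized (up to 2 GiB) or wrapped block sizes that later feed allocations. */
static int sb_log_block_size_is_valid(uint32_t log_block_size)
{
    return log_block_size <= NILFS_MAX_LOG_BLOCK_SIZE;
}

/* Block size in bytes, or 0 when the field is out of range.
 * The shift is performed only after validation. */
static uint32_t sb_block_size(uint32_t log_block_size)
{
    if (!sb_log_block_size_is_valid(log_block_size))
        return 0;
    return NILFS_MIN_BLOCK_SIZE << log_block_size;
}

/* Validate a raw 4-byte field straight from an image buffer; a short
 * buffer is treated like an invalid field. */
static uint32_t sb_block_size_from_raw(const uint8_t *raw, size_t len)
{
    uint32_t v;
    if (!sb_read_log_block_size(raw, len, &v))
        return 0;
    return sb_block_size(v);
}
```

A caller that receives 0 from sb_block_size_from_raw() should refuse the image before any buffer is sized from the field, which is the point at which the crash described above would otherwise occur.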


Vendor Status

SUSE: Severity Moderate
Product status: openSUSE Tumbleweed - Fixed


