Skip to main content

Linux EUVDEUVD-2026-15388

| CVE-2026-23388 HIGH
Out-of-bounds Read (CWE-125)
2026-03-25 Linux
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
SUSE
6.3 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Red Hat
6.6 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 18:52 vuln.today
cvss_changed
CVSS changed
Apr 24, 2026 - 18:52 NVD
7.1 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15388
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:28 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check metadata block offset is within range

Syzkaller reports a "general protection fault in squashfs_copy_data"

This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset.

This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access.

The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.

AnalysisAI

A metadata validation vulnerability in the Linux kernel's Squashfs filesystem implementation allows out-of-bounds memory access when processing corrupted or malicious filesystem images. Specifically, a negative metadata block offset derived from a corrupted index lookup table is passed to squashfs_copy_data without bounds checking, causing a general protection fault. Any Linux system mounting an untrusted Squashfs image is affected, potentially enabling denial of service or information disclosure attacks, though no active exploitation in the wild is currently documented.

Technical ContextAI

The vulnerability exists in the Squashfs filesystem driver, a compression-focused read-only filesystem commonly used in embedded systems, live bootable media, and container images. The root cause is improper input validation of metadata block offsets in the squashfs_read_metadata function. The affected Linux kernel (all versions identified via CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) fails to validate that offsets derived from the index lookup table fall within acceptable ranges before using them for memory access operations. This is fundamentally a bounds-checking failure (related to CWE-125: Out-of-bounds Read or similar memory safety issues) triggered by parsing a corrupted metadata structure. The Syzkaller fuzzer identified this during filesystem image mutation testing, demonstrating the vulnerability is reachable via specially crafted Squashfs images.

RemediationAI

Apply the latest kernel security updates provided by your Linux distribution. For mainline kernel users, upgrade to a kernel version that includes the fix (reference the commit hashes listed in references; these appear in kernels post-fix-date across stable branches). For distribution users, install kernel updates through your package manager (apt/yum/dnf) as soon as they are available. Until patching is possible, mitigate risk by: (1) avoiding mounting or executing untrusted Squashfs images from unknown sources, (2) restricting filesystem mount permissions to trusted administrators, and (3) disabling Squashfs driver support if not required (via kernel module blacklisting). Since this vulnerability is in the kernel's filesystem parsing layer and requires local access to trigger, reducing exposure to untrusted image sources is the primary interim mitigation. Monitor https://git.kernel.org/stable/ and your distribution's security advisories for patch availability.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-15388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy