Skip to main content

Linux Kernel EUVDEUVD-2026-27727

| CVE-2026-43168 MEDIUM
2026-05-06 Linux GHSA-m75h-8jqh-gvwj
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 13, 2026 - 15:59 vuln.today
CVSS changed
May 13, 2026 - 15:52 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ocfs2: fix reflink preserve cleanup issue

commit c06c303832ec ("ocfs2: fix xattr array entry __counted_by error") doesn't handle all cases and the cleanup job for preserved xattr entries still has bug:

  • the 'last' pointer should be shifted by one unit after cleanup

an array entry.

  • current code logic doesn't cleanup the first entry when xh_count is 1.

Note, commit c06c303832ec is also a bug fix for 0fe9b66c65f3.

AnalysisAI

Denial of service via incomplete xattr cleanup in the Linux kernel OCFS2 filesystem causes memory corruption when processing reflinked files with extended attributes. A local user with standard privileges can trigger this vulnerability through crafted xattr operations, resulting in system crashes or data integrity issues. The flaw affects Linux kernel versions from 2.6.32 through multiple recent releases (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19), with vendor-released patches available for supported stable branches.

Technical ContextAI

OCFS2 is the Oracle Cluster Filesystem version 2, a shared-disk filesystem for Linux. The vulnerability resides in xattr (extended attribute) cleanup logic during reflink operations, which are copy-on-write links used for efficient file cloning. The bug originates from incomplete fixes to commit c06c303832ec, which attempted to address __counted_by array annotation issues introduced in commit 0fe9b66c65f3. The underlying defect involves incorrect pointer arithmetic when removing xattr entries from the xattr block header structure: the 'last' pointer is not properly advanced after cleanup, and the cleanup routine fails to process the first entry when the xattr count is 1. This results in use-after-free or buffer corruption scenarios within kernel memory space, classified under memory safety issues in the OCFS2 subsystem.

RemediationAI

Apply vendor-released patches immediately to affected kernel branches: 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or upgrade to 7.0 and later. Recompile and reboot systems running OCFS2 workloads. If immediate patching is not feasible, disable OCFS2 filesystem mounting on non-cluster systems where this filesystem is not actively required, using kernel module blacklisting or boot parameters (e.g., 'omit-ocfs2' in dracut configuration for early-stage systems). For production OCFS2 clusters, coordinate patching windows carefully to avoid cascading cluster node reboots; consider patching and rebooting nodes sequentially to maintain quorum. Verify kernel version post-reboot using 'uname -r' to confirm patch application. Reference commit fixes: https://git.kernel.org/stable/ for specific stable tree branches.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27727 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy