Skip to main content

Linux Kernel EUVDEUVD-2026-27770

| CVE-2026-43209 MEDIUM
2026-05-06 Linux GHSA-h2vp-f72r-628f
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 20:07 vuln.today
CVSS changed
May 11, 2026 - 20:07 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently support any other value for s_log_zone_size than 0. This is also the only value supported in util-linux; see mkfs.minix.c line 511. In addition, this patch adds some sanity checking for the other minix superblock fields, and moves the minix_blocks_needed() checks for the zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.

AnalysisAI

Denial of service in Linux kernel minix filesystem implementation allows local authenticated users to crash the system via crafted minix superblock structures due to missing validation of s_log_zone_size and other superblock fields in the minix_check_superblock() function.

Technical ContextAI

The minix filesystem driver in the Linux kernel (fs/minix) performs filesystem mount operations that parse and validate superblock metadata. The vulnerability exists in the minix_check_superblock() function, which previously did not validate the s_log_zone_size field or perform adequate sanity checking on other superblock parameters. The minix filesystem specification and util-linux mkfs.minix utility only support s_log_zone_size value of 0, yet the kernel did not enforce this constraint. Additionally, checks for zmap and imap block count requirements (minix_blocks_needed()) were not integrated into the superblock validation routine. An attacker can provide a maliciously crafted minix filesystem image with invalid superblock values that triggers unhandled conditions during mount operations, leading to kernel oops or denial of service.

RemediationAI

Apply kernel updates: Linux 7.0 (mainline), 6.19.6, 6.18.16, 6.12.75, 6.6.128, 6.1.165, 5.15.202, or 5.10.252 depending on your kernel series (see git.kernel.org stable commits a051ecf5c5b0387840dc210413ed3bc7fbdaa69c and related backports). Patches are available from kernel.org stable tree and distribution vendors. Mitigation for unpatched systems: disable minix filesystem support by removing CONFIG_MINIX_FS from kernel configuration if minix filesystem is not required, or restrict mount permissions via mount namespace isolation and MAC policies to prevent untrusted users from mounting arbitrary filesystem images. Distribution package managers should provide patched kernel versions in their security update channels.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27770 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy