Skip to main content

Linux Kernel EUVDEUVD-2026-35430

| CVE-2026-46329 MEDIUM
2026-06-09 Linux GHSA-q35q-g5hg-8863
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local low-privilege access required; file-backed EROFS mount triggers availability-only kernel crash with no confidentiality or integrity impact per description.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 08, 2026 - 17:07 vuln.today
CVSS changed
Jul 08, 2026 - 16:22 NVD
5.5 (MEDIUM)
Patch available
Jun 09, 2026 - 15:01 EUVD
CVE Published
Jun 09, 2026 - 12:25 nvd
MEDIUM 5.5
CVE Published
Jun 09, 2026 - 12:25 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

erofs: handle end of filesystem properly for file-backed mounts

I/O requests beyond the end of the filesystem should be zeroed out, similar to loopback devices and that is what we expect.

AnalysisAI

Improper end-of-filesystem boundary handling in the Linux kernel EROFS driver for file-backed mounts causes a denial-of-service condition when I/O requests exceed the filesystem image boundary. Affected kernels spanning multiple stable branches fail to zero-fill out-of-bounds I/O regions as expected (analogous to loopback device behavior), producing undefined kernel behavior that results in availability loss. No public exploit has been identified and EPSS is 0.02% (5th percentile), indicating negligible opportunistic exploitation probability; patches are confirmed available across stable branches 6.12.x, 6.18.x, 6.19.x, and 7.0.

Technical ContextAI

EROFS (Enhanced Read-Only File System) is a compressed, high-performance read-only filesystem used in Android, embedded Linux, and OCI container image layers. When EROFS is configured in file-backed mode - where the filesystem image resides in a regular file rather than a raw block device, analogous to a loopback mount - the kernel block layer must synthesize zeroed responses for I/O requests that fall beyond the end of the underlying image file. The vulnerability was introduced at commit ce63cb62d794c98c7631c2296fa845f2a8d0a4a1 and affects the EROFS block I/O path, which failed to implement this boundary clamping. The affected CPE is cpe:2.3:a:linux:linux:* across multiple stable series. No CWE is formally assigned; the root cause is most consistent with CWE-125 (Out-of-bounds Read) or improper boundary condition handling in block I/O completion paths. The intelligence tags include 'Information Disclosure,' which conflicts with the CVSS C:N metric - this discrepancy suggests a possible secondary confidentiality impact (e.g., exposure of kernel buffer contents beyond the image boundary) that is not reflected in the current NVD scoring.

RemediationAI

The primary remediation is to upgrade to a patched kernel: Linux 6.12.75, 6.18.14, 6.19.4, or 7.0, as confirmed by EUVD and stable tree commits available at https://git.kernel.org/stable/c/8d582d65d20bb4796db01b19e86909ad68cb337b and the three related commits. Distribution users should apply vendor-released kernel updates as they incorporate these stable fixes. As a compensating control for systems that cannot be patched immediately, administrators should avoid or disable file-backed EROFS mounts; if EROFS is not operationally required, the module can be blacklisted by adding 'blacklist erofs' to /etc/modprobe.d/blacklist.conf and running depmod - note this will prevent use of any EROFS filesystem including container image layers that rely on it. Systems using only block-device-backed EROFS mounts (not file-backed) are not exposed to this specific code path per the vulnerability description.

Share

EUVD-2026-35430 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy