CVE-2026-43053
XFS Metadata Corruption in Linux Kernel
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's XFS filesystem, specifically in the handling of extended attributes with node-format inodes. When inactivating such an inode, the system invalidates child leaf/node blocks but does not immediately remove their references from parent nodes, assuming a later truncation will clear them. However, if a system shutdown occurs between these steps, stale pointers to cancelled blocks can remain on disk.
During recovery after such a shutdown, the system may encounter these stale pointers, leading to metadata verification failures and potential corruption errors. This can cause the filesystem to detect corruption and require repair.
The fix involves removing references to cancelled child blocks immediately within the same transaction and splitting the attribute fork truncation into two atomic phases to ensure consistency and prevent stale pointers from persisting.
How can this vulnerability impact me? :
This vulnerability can lead to metadata corruption in the XFS filesystem, causing the filesystem to detect errors during mount or recovery.
As a result, the system may unmount the affected filesystem and require running repair tools like xfs_repair to fix the corruption.
This can cause system downtime, potential data inaccessibility, and increased maintenance efforts.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as metadata corruption errors related to the XFS filesystem, specifically during inode inactivation with node-format extended attributes.
Detection can be done by monitoring system logs for error messages similar to the following:
- XFS (pmem0): Metadata corruption detected at xfs_da3_node_read_verify+0x53/0x220, xfs_da3_node block 0x78
- XFS (pmem0): Unmount and run xfs_repair
- XFS (pmem0): metadata I/O error in "xfs_da_read_buf+0x104/0x190" at daddr 0x78 len 8 error 117
To check for these errors, you can use commands such as:
- journalctl -k | grep -i xfs
- dmesg | grep -i xfs
- grep -i xfs /var/log/syslog
Additionally, running the filesystem check tool xfs_repair on the affected filesystem can help detect and potentially fix metadata corruption.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Unmount the affected XFS filesystem as soon as possible to prevent further corruption.
- Run the xfs_repair utility on the affected filesystem to detect and repair metadata corruption.
- Avoid system shutdowns or reboots during active inode inactivation processes to reduce the risk of triggering the vulnerability.
- Apply the patch or update the Linux kernel to the fixed version that addresses this vulnerability, which includes changes to xfs_attr3_node_inactive() and xfs_attr_inactive() functions to ensure atomic removal of stale pointers and proper attr fork truncation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided CVE description does not include any information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.