CVE-2026-43153
Memory Corruption in Linux Kernel XFS Filesystem
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is related to the Linux kernel's xfs filesystem code, specifically the function xfs_attr_leaf_hasname(). The issue arises because this function's calling convention is problematic: it returns different types of buffer pointers depending on various error conditions, including returning a non-NULL pointer to a buffer that has already been released. This inconsistent behavior can lead to improper handling of memory buffers.
The fix involved removing the xfs_attr_leaf_hasname() function and instead implementing its logic directly in the callers. This ensures that each caller properly manages the release of buffers returned by xfs_attr3_leaf_read(), preventing the use of invalid or already freed buffers.
How can this vulnerability impact me? :
This vulnerability can lead to improper memory management within the Linux kernel's xfs filesystem code. Specifically, it may cause the use of invalid or already freed memory buffers, which can result in system instability, crashes, or potential security issues such as memory corruption.