CVE-2026-43154
EROFS Volume Label Handling Folio Reference Leak
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | erofs | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves folio reference leaks due to incorrect early returns in volume label handling of EROFS images in the Linux kernel. However, it does not cause system crashes or other severe issues.
There is no information provided about any impact on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation. It involves incorrect early exits during the handling of volume labels in EROFS images.
Specifically, crafted EROFS images that contain valid volume labels can trigger these incorrect early returns, which lead to folio reference leaks.
How can this vulnerability impact me?
The folio reference leaks caused by this vulnerability do not result in system crashes or other severe issues.
Therefore, while there is a resource leak, the impact on system stability or security is limited.