CVE-2026-43168
Awaiting Analysis Awaiting Analysis - Queue
OCFS2 Reflink Xattr Cleanup Flaw Fixed

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec ("ocfs2: fix xattr array entry __counted_by error") doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be shifted by one unit after cleanup an array entry. - current code logic doesn't cleanup the first entry when xh_count is 1. Note, commit c06c303832ec is also a bug fix for 0fe9b66c65f3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43168
EUVD
EUVD-2026-27727
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is related to the Linux kernel's ocfs2 filesystem, specifically in the handling of reflink preserve cleanup for extended attribute (xattr) entries.

A previous fix (commit c06c303832ec) intended to address an error with the xattr array entry counting (__counted_by) did not handle all cases correctly.

The bug involves the cleanup process for preserved xattr entries where the 'last' pointer should be shifted by one unit after cleaning up an array entry, but this was not done.

Additionally, the current code logic fails to clean up the first entry when the xh_count is 1.

Impact Analysis

This vulnerability relates to a bug in the Linux kernel's ocfs2 filesystem code, specifically in the cleanup process of preserved extended attribute (xattr) entries during reflink operations.

Because the cleanup logic does not handle all cases correctly, it may lead to improper management of xattr entries, potentially causing data inconsistencies or corruption in the filesystem.

Users relying on ocfs2 with reflink functionality could experience unexpected behavior or data integrity issues until the fix is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43168. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart