CVE-2026-43365
Received Received - Intake
XFS Filesystem Log Corruption Due to Incorrect Roundoff Value

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with 4k physical sectors... XFS (sda1): Mounting V5 Filesystem ff3121ca-26e6-4b77-b742-aaff9a449e1c XFS (sda1): Torn write (CRC failure) detected at log block 0x318e. Truncating head block from 0x3197. XFS (sda1): failed to locate log tail XFS (sda1): log mount/recovery failed: error -74 XFS (sda1): log mount failed XFS (sda1): Mounting V5 Filesystem ff3121ca-26e6-4b77-b742-aaff9a449e1c XFS (sda1): Ending clean mount ...on the current xfsprogs for-next which has a broken mkfs. xfs_info shows this... meta-data=/dev/sda1 isize=512 agcount=4, agsize=644992 blks = sectsz=4096 attr=2, projid32bit=1 = crc=1 finobt=1, sparse=1, rmapbt=1 = reflink=1 bigtime=1 inobtcount=1 nrext64=1 = exchange=1 metadir=1 data = bsize=4096 blocks=2579968, imaxpct=25 = sunit=0 swidth=0 blks naming =version 2 bsize=4096 ascii-ci=0, ftype=1, parent=1 log =internal log bsize=4096 blocks=16384, version=2 = sectsz=4096 sunit=0 blks, lazy-count=1 realtime =none extsz=4096 blocks=0, rtextents=0 = rgcount=0 rgsize=268435456 extents = zoned=0 start=0 reserved=0 ...observe that the log section has sectsz=4096 sunit=0, which means that the roundoff factor is 512, not 4096 as you'd expect. We should fix mkfs not to generate broken filesystems, but anyone can fuzz the ondisk superblock so we should be more cautious. I think the inadequate logic predates commit a6a65fef5ef8d0, but that's clearly going to require a different backport.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43365
EUVD
EUVD-2026-28671
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's XFS filesystem implementation. It involves an incorrect handling of the log stripe unit value in the superblock. When the superblock does not specify a log stripe unit, the system sets an internal log roundoff value to 512 instead of the expected 4096. This incorrect value leads to corrupted logs and filesystems that cannot be mounted properly.

Specifically, the issue causes errors such as torn writes (CRC failures), failure to locate the log tail, and log mount or recovery failures, resulting in unmountable filesystems. The root cause is related to broken logic in the mkfs tool and the way the on-disk superblock is handled.


How can this vulnerability impact me? :

This vulnerability can lead to filesystem corruption and unmountable filesystems on affected Linux systems using the XFS filesystem. As a result, data stored on these filesystems may become inaccessible or lost due to corrupted logs and failed recovery processes.

Users may experience system instability or data loss, especially on disks with 4k physical sectors where the incorrect log roundoff value is applied. This can disrupt normal operations and require filesystem repair or data restoration efforts.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability relates to the XFS filesystem on Linux, specifically involving undersized l_iclog_roundoff values that can cause corrupt logs and unmountable filesystems.

Detection can be done by examining system logs for XFS-related errors such as:

  • XFS (sda1): Torn write (CRC failure) detected at log block
  • XFS (sda1): failed to locate log tail
  • XFS (sda1): log mount/recovery failed: error -74
  • XFS (sda1): log mount failed

You can use commands like 'dmesg' or 'journalctl' to check for these XFS error messages in the kernel or system logs.

Additionally, running 'xfs_info /dev/sda1' (replace /dev/sda1 with your XFS device) can show filesystem metadata. Look for the log section's 'sectsz' and 'sunit' values. If 'sunit' is 0 and 'sectsz' is 4096, the roundoff factor is 512 instead of the expected 4096, indicating the issue.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves avoiding the use of filesystems created with the broken mkfs that generates undersized l_iclog_roundoff values.

If you detect the issue, avoid mounting affected XFS filesystems to prevent data corruption or unmountable states.

Update your Linux kernel and xfsprogs to versions that include the fix for this vulnerability.

In the longer term, ensure that mkfs does not generate broken filesystems by applying patches or updates that fix the logic for setting the log stripe unit and roundoff values.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart