CVE-2026-43153
HIGH EPSS 3.6%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer when xfs_attr3_leaf_lookup_int returns -ENOATTR or -EEXIST, and a non-NULL buffer pointer for an already released buffer when xfs_attr3_leaf_lookup_int fails with other error values. Fix this by simply open coding xfs_attr_leaf_hasname in the callers, so that the buffer release code is done by each caller of xfs_attr3_leaf_read.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
3.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/2fbc8421d1db102c0e5458607e042a23a03648b1
- git.kernel.org https://git.kernel.org/stable/c/3a65ea768b8094e4699e72f9ab420eb9e0f3f568
- git.kernel.org https://git.kernel.org/stable/c/457121c01f609b9934addbb04d5c1ef638c71c61
- git.kernel.org https://git.kernel.org/stable/c/530082df991903f3330354e99e0cb7b05debfa86
Remediation
- git.kernel.org https://git.kernel.org/stable/c/2fbc8421d1db102c0e5458607e042a23a03648b1
- git.kernel.org https://git.kernel.org/stable/c/3a65ea768b8094e4699e72f9ab420eb9e0f3f568
- git.kernel.org https://git.kernel.org/stable/c/457121c01f609b9934addbb04d5c1ef638c71c61
- git.kernel.org https://git.kernel.org/stable/c/530082df991903f3330354e99e0cb7b05debfa86