CVE-2026-43228
MEDIUM EPSS 1.6%
Published May 6, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published May 6, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: hfs: Replace BUG_ON with error handling for CNID count checks In a06ec283e125 next_id, folder_count, and file_count in the super block info were expanded to 64 bits, and BUG_ONs were added to detect overflow. This triggered an error reported by syzbot: if the MDB is corrupted, the BUG_ON is triggered. This patch replaces this mechanism with proper error handling and resolves the syzbot reported bug. Singed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
1.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-617
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥6.18 – <6.19.6 |
References 2
- git.kernel.org https://git.kernel.org/stable/c/b226804532a875c10276168dc55ce752944096bd
- git.kernel.org https://git.kernel.org/stable/c/b6536c1ced315fa645576d3a39c6e07f2a472962
Remediation
- git.kernel.org https://git.kernel.org/stable/c/b226804532a875c10276168dc55ce752944096bd
- git.kernel.org https://git.kernel.org/stable/c/b6536c1ced315fa645576d3a39c6e07f2a472962