CVE-2026-53130

In the Linux kernel, the following vulnerability has been resolved:

fs/omfs: reject s sys blocksize smaller than OMFS DIR START

omfs fill super() rejects oversized s sys blocksize values (> PAGE SIZE), but it does not reject values smaller than OMFS DIR START (0x1b8 = 440).

Later, omfs make empty() uses

sbi->s sys blocksize - OMFS DIR START

as the length argument to memset(). Since s sys blocksize is u32, a crafted filesystem image with s sys blocksize < OMFS DIR START causes an unsigned underflow there, wrapping to a value near 2^32. That drives a ~4 GiB memset() from bh->b data + OMFS DIR START and overwrites kernel memory far beyond the backing block buffer.

Add the corresponding lower-bound check alongside the existing upper-bound check in omfs fill super(), so that malformed images are rejected during superblock validation before any filesystem data is processed.