PT-2026-37386 · Linux+4 · Linux+158

Syzbot

·

Published

2026-05-06

·

Updated

2026-05-26

·

CVE-2026-43076

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the OCFS2 file system where the ocfs2 validate inode block() function fails to validate the size of inline data when reading an inode from disk. In cases of filesystem corruption, the i size variable can exceed the actual inline data capacity (id count). This discrepancy leads the ocfs2 dir foreach blk id() function to iterate beyond the inline data buffer, resulting in a use-after-free (UAF) condition—where the system continues to use a pointer after it has been freed—when accessing directory entries via the ocfs2 check dir entry() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2026-43076

Affected Products

Linux
Linux-Allwinner-5.19
Linux-Aws
Linux-Aws-5.0
Linux-Aws-5.11
Linux-Aws-5.13
Linux-Aws-5.15
Linux-Aws-5.19
Linux-Aws-5.3
Linux-Aws-5.4
Linux-Aws-5.8
Linux-Aws-6.14
Linux-Aws-6.17
Linux-Aws-6.2
Linux-Aws-6.5
Linux-Aws-6.8
Linux-Aws-Fips
Linux-Aws-Hwe
Linux-Azure
Linux-Azure-4.15
Linux-Azure-5.11
Linux-Azure-5.13
Linux-Azure-5.15
Linux-Azure-5.19
Linux-Azure-5.3
Linux-Azure-5.4
Linux-Azure-5.8
Linux-Azure-6.11
Linux-Azure-6.14
Linux-Azure-6.17
Linux-Azure-6.2
Linux-Azure-6.5
Linux-Azure-6.8
Linux-Azure-Edge
Linux-Azure-Fde
Linux-Azure-Fde-5.15
Linux-Azure-Fde-5.19
Linux-Azure-Fde-6.14
Linux-Azure-Fde-6.17
Linux-Azure-Fde-6.2
Linux-Azure-Fde-6.8
Linux-Azure-Fips
Linux-Azure-Nvidia
Linux-Azure-Nvidia-6.14
Linux-Bluefield
Linux-Fips
Linux-Gcp
Linux-Gcp-4.15
Linux-Gcp-5.11
Linux-Gcp-5.13
Linux-Gcp-5.15
Linux-Gcp-5.19
Linux-Gcp-5.3
Linux-Gcp-5.4
Linux-Gcp-5.8
Linux-Gcp-6.11
Linux-Gcp-6.14
Linux-Gcp-6.17
Linux-Gcp-6.2
Linux-Gcp-6.5
Linux-Gcp-6.8
Linux-Gcp-Fips
Linux-Gke
Linux-Gke-4.15
Linux-Gkeop-5.15
Linux-Gke-5.4
Linux-Gkeop
Linux-Hwe
Linux-Hwe-5.11
Linux-Hwe-5.13
Linux-Hwe-5.15
Linux-Hwe-5.19
Linux-Hwe-5.4
Linux-Hwe-5.8
Linux-Hwe-6.11
Linux-Hwe-6.14
Linux-Hwe-6.17
Linux-Hwe-6.2
Linux-Hwe-6.5
Linux-Hwe-6.8
Linux-Hwe-Edge
Linux-Ibm
Linux-Ibm-5.15
Linux-Ibm-5.4
Linux-Ibm-6.8
Linux-Intel-5.13
Linux-Intel-Iot-Realtime
Linux-Intel-Iotg
Linux-Intel-Iotg-5.15
Linux-Iot
Linux-Kvm
Linux-Lowlatency
Linux-Lowlatency-Hwe-5.15
Linux-Lowlatency-Hwe-5.19
Linux-Lowlatency-Hwe-6.11
Linux-Lowlatency-Hwe-6.2
Linux-Lowlatency-Hwe-6.5
Linux-Lowlatency-Hwe-6.8
Linux-Lts
Linux-Lts-Xenial
Linux-Nvidia
Linux-Nvidia-6.11
Linux-Nvidia-6.17
Linux-Nvidia-6.2
Linux-Nvidia-6.5
Linux-Nvidia-6.8
Linux-Nvidia-Lowlatency
Linux-Nvidia-Tegra
Linux-Nvidia-Tegra-5.15
Linux-Nvidia-Tegra-Igx
Linux-Oem
Linux-Oem-5.10
Linux-Oem-5.13
Linux-Oem-5.14
Linux-Oem-5.17
Linux-Oem-5.6
Linux-Oem-6.0
Linux-Oem-6.1
Linux-Oem-6.11
Linux-Oem-6.14
Linux-Oem-6.17
Linux-Oem-6.5
Linux-Oem-6.8
Linux-Oracle
Linux-Oracle-5.0
Linux-Oracle-5.11
Linux-Oracle-5.13
Linux-Oracle-5.15
Linux-Oracle-5.3
Linux-Oracle-5.4
Linux-Oracle-5.8
Linux-Oracle-6.14
Linux-Oracle-6.17
Linux-Oracle-6.5
Linux-Oracle-6.8
Linux-Raspi
Linux-Raspi-5.4
Linux-Raspi-Realtime
Linux-Raspi2
Linux-Realtime
Linux-Realtime-6.14
Linux-Realtime-6.17
Linux-Realtime-6.8
Linux-Riscv
Linux-Riscv-5.11
Linux-Riscv-5.15
Linux-Riscv-5.19
Linux-Riscv-5.8
Linux-Riscv-6.14
Linux-Riscv-6.17
Linux-Riscv-6.5
Linux-Riscv-6.8
Linux-Starfive-5.19
Linux-Starfive-6.2
Linux-Starfive-6.5
Linux-Xilinx
Linux-Xilinx-Zynqmp
Linux Kernel
Rootio-Linux