PT-2026-43945 · Opensuse+1 · Opensuse Tumbleweed+1

Hsiangkao · Published 2026-05-27 · Updated 2026-06-04 · CVE-2026-46078

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)
openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1

Description

An issue exists in the EROFS (Enhanced Read-Only File System) implementation in how out-of-bounds nameoff values are handled for trailing directory entries. Boundary checks for nameoff are present, but trailing entries are processed using strnlen() with unchecked nameoff values. A specially crafted EROFS image containing a trailing directory entry with a nameoff greater than or equal to maxsize can cause an underflow in the calculation of maxsize - nameoff, leading strnlen() to read beyond the directory block. Additionally, nameoff0 must be verified as a multiple of sizeof(struct erofs_dirent).

Recommendations

Update to a version of the Linux kernel where the EROFS out-of-bounds nameoff handling is resolved. Update openSUSE Tumbleweed to kernel-devel-7.0.11-1.1.
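
The two checks named in the Description, shown as an added user-space example; this is not the kernel patch or code from the advisory. The names model_dirent, dirent_name_len and unchecked_bound are hypothetical, the 12-byte entry is read host-endian, and memchr() stands in for strnlen() with the same result.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space model of the 12-byte on-disk directory entry (host-endian here). */
struct model_dirent {
    uint64_t nid;
    uint16_t nameoff;   /* offset of the name from the start of the block */
    uint8_t  file_type;
    uint8_t  reserved;
} __attribute__((packed));

/* Bound that reaches strnlen() when nameoff is not checked first:
 * for nameoff > maxsize the unsigned subtraction wraps to a huge value. */
static size_t unchecked_bound(size_t maxsize, uint16_t nameoff)
{
    return maxsize - nameoff;
}

/* Validated name length of entry idx: 0 on success, -1 on a corrupt block. */
static int dirent_name_len(const uint8_t *blk, size_t maxsize, size_t idx, size_t *len)
{
    struct model_dirent de, next;
    size_t nameoff0, ndirents;

    if (maxsize < sizeof(de))
        return -1;
    memcpy(&de, blk, sizeof(de));
    nameoff0 = de.nameoff;
    /* nameoff0 also encodes the entry count: in-block multiple of the entry size. */
    if (nameoff0 < sizeof(de) || nameoff0 >= maxsize || nameoff0 % sizeof(de))
        return -1;
    ndirents = nameoff0 / sizeof(de);
    if (idx >= ndirents)
        return -1;
    memcpy(&de, blk + idx * sizeof(de), sizeof(de));
    if (de.nameoff < nameoff0 || de.nameoff >= maxsize)
        return -1;              /* applied to every entry, the trailing one included */
    if (idx + 1 < ndirents) {
        memcpy(&next, blk + (idx + 1) * sizeof(next), sizeof(next));
        if (next.nameoff < de.nameoff || next.nameoff > maxsize)
            return -1;
        *len = next.nameoff - de.nameoff;
    } else {                    /* trailing entry: nameoff < maxsize, bound cannot wrap */
        const uint8_t *p = blk + de.nameoff, *nul;
        size_t bound = maxsize - de.nameoff;
        nul = memchr(p, 0, bound);
        *len = nul ? (size_t)(nul - p) : bound;
    }
    return 0;
}
```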

Fix


Related Identifiers

CVE-2026-46078
ECHO-96CD-A309-E75E
OPENSUSE-SU-2026:10954-1

Affected Products

Linux Kernel
Opensuse Tumbleweed