CVE-2026-46169

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the hfsplus module where the hfs brec read() function fails to validate that the on-disk record size matches the expected size for the record type being read. When mounting a corrupted filesystem, the function may perform a partial read, leaving parts of the data structure uninitialized. This uninitialized data in tmp.thread.nodeName is subsequently copied by hfsplus cat build key uni() and used by hfsplus strcasecmp(), which triggers a memory error when the uninitialized bytes are used as array indices in case fold().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.