VDB

CVE-2026-46078

CVE-2026-46078 PUBLISHED CVSS 7.1 HIGH

Reported by Linux · Published May 27, 2026

In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen() with unchecked nameoffs. If a crafted EROFS has a trailing dirent with nameoff >= maxsize, maxsize - nameoff can underflow, causing strnlen() to read past the directory block. nameoff0 should also be verified to be a multiple of `sizeof(struct erofs_dirent)` as well [1]. [1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com

EPSS 0.01% · 2.3th percentile

Risk Scores

CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS Score
0.01%
2.3th percentile

Affected Products

VendorProductVersions
LinuxLinux3aa8ec716e52c02360457fa018296629b4d0becf, 3aa8ec716e52c02360457fa018296629b4d0becf, 3aa8ec716e52c02360457fa018296629b4d0becf
LinuxLinux4.19, 0, 5.10.259
LinuxLinux7.1, 3aa8ec716e52c02360457fa018296629b4d0becf, 3aa8ec716e52c02360457fa018296629b4d0becf
linuxlinux_kernel4.19, 4.19, 4.19

Timeline

  • May 27, 2026 CVE Published
  • May 28, 2026 EPSS Score
  • May 29, 2026 EPSS Score
  • May 29, 2026 Security Advisory
  • May 30, 2026 EPSS Score
  • May 31, 2026 EPSS Score
  • Jun 1, 2026 EPSS Score
  • Jun 4, 2026 Coalition ESS Score
  • Jun 5, 2026 EPSS Score
  • Jun 19, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›