CVE-2026-46078
Reported by Linux · Published May 27, 2026
In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but the trailing dirents are special since the namelens are calculated with strnlen() with unchecked nameoffs. If a crafted EROFS has a trailing dirent with nameoff >= maxsize, maxsize - nameoff can underflow, causing strnlen() to read past the directory block. nameoff0 should also be verified to be a multiple of `sizeof(struct erofs_dirent)` as well [1]. [1] https://sashiko.dev/#/patchset/20260416063511.3173774-1-hsiangkao%40linux.alibaba.com
EPSS 0.01% · 2.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 3aa8ec716e52c02360457fa018296629b4d0becf, 3aa8ec716e52c02360457fa018296629b4d0becf, 3aa8ec716e52c02360457fa018296629b4d0becf |
| Linux | Linux | 4.19, 0, 5.10.259 |
| Linux | Linux | 7.1, 3aa8ec716e52c02360457fa018296629b4d0becf, 3aa8ec716e52c02360457fa018296629b4d0becf |
| linux | linux_kernel | 4.19, 4.19, 4.19 |
Timeline
- May 27, 2026 CVE Published
- May 28, 2026 EPSS Score
- May 29, 2026 EPSS Score
- May 29, 2026 Security Advisory
- May 30, 2026 EPSS Score
- May 31, 2026 EPSS Score
- Jun 1, 2026 EPSS Score
- Jun 4, 2026 Coalition ESS Score
- Jun 5, 2026 EPSS Score
- Jun 19, 2026 CVE Updated