VDB

DEBIAN-CVE-2026-43153

DEBIAN-CVE-2026-43153 PUBLISHED CVSS 7.800000190734863 HIGH

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer when xfs_attr3_leaf_lookup_int returns -ENOATTR or -EEXIST, and a non-NULL buffer pointer for an already released buffer when xfs_attr3_leaf_lookup_int fails with other error values. Fix this by simply open coding xfs_attr_leaf_hasname in the callers, so that the buffer release code is done by each caller of xfs_attr3_leaf_read.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:13linux0, 6.12.85-1, 6.12.74-2
Debian:14linux6.12.85-1, 6.12.86-1, 6.13.10-1
Debian:11linux7.1, 6.1.148-1, 6.1.15-1
Debian:12linux6.1.158-1, 6.1.159-1, 6.1.162-1

Timeline

  • May 6, 2026 CVE Published
  • May 9, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›