Squashfs: check metadata block offset is within range

Summary

CVE	CVE-2026-23388
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-03-25 11:16:39 UTC
Updated	2026-04-18 09:16:22 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset. This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access. The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.

Risk And Classification

EPSS: 0.000320000 probability, percentile 0.090980000 (date 2026-04-18)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 60f679f643f3f36a8571ea585e4ce5d93ef952b5 git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 3f68a9457a6190814377577374da75f872e0a013 git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 0c8ab092aec3ac4294940054772d30b511b16713 git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 6b847d65f5b0065e02080c61fad93d57d6686383 git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 01ee0bcc29864b78249308e8b35042b09bbf5fe3 git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 3b9499e7d677dd4366239a292238489a804936b2 git	Not specified
CNA	Linux	Linux	affected f400e12656ab518be107febfe2315fb1eab5a342 fdb24a820a5832ec4532273282cbd4f22c291a0d git	Not specified
CNA	Linux	Linux	affected 2.6.29	Not specified
CNA	Linux	Linux	unaffected 2.6.29 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.167 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.77 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.17 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.7 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/60f679f643f3f36a8571ea585e4ce5d93ef952b5	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/3f68a9457a6190814377577374da75f872e0a013	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.