erofs: fix incorrect early exits in volume label handling

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-43154
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-06 12:16:33 UTC
Updated2026-05-06 13:07:51 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling Crafted EROFS images containing valid volume labels can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system crashes or other severe issues.

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 1cf12c7177410afcb53f815315d1247ea57fae4f 8d8a878ef60801d867119b3df6a93e2982d62a71 git Not specified
CNA Linux Linux affected 1cf12c7177410afcb53f815315d1247ea57fae4f d498bd168494ad4a4bce16192bfb9ce04ca19c9a git Not specified
CNA Linux Linux affected 1cf12c7177410afcb53f815315d1247ea57fae4f 3afa4da38802a4cba1c23848a32284e7e57b831b git Not specified
CNA Linux Linux affected 6.18 Not specified
CNA Linux Linux unaffected 6.18 semver Not specified
CNA Linux Linux unaffected 6.18.16 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.6 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/8d8a878ef60801d867119b3df6a93e2982d62a71 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/3afa4da38802a4cba1c23848a32284e7e57b831b 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/d498bd168494ad4a4bce16192bfb9ce04ca19c9a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report