{"api_version":"1","generated_at":"2026-05-07T03:16:51+00:00","cve":"CVE-2026-43068","urls":{"html":"https://cve.report/CVE-2026-43068","api":"https://cve.report/api/cve/CVE-2026-43068.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43068","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43068"},"summary":{"title":"ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()","description":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\n\nThere's issue as follows:\n...\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): error count since last fsck: 1\nEXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760\nEXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760\n...\n\nAccording to the log analysis, blocks are always requested from the\ncorrupted block group. This may happen as follows:\next4_mb_find_by_goal\n  ext4_mb_load_buddy\n   ext4_mb_load_buddy_gfp\n     ext4_mb_init_cache\n      ext4_read_block_bitmap_nowait\n      ext4_wait_block_bitmap\n       ext4_validate_block_bitmap\n        if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))\n         return -EFSCORRUPTED; // There's no logs.\n if (err)\n  return err;  // Will return error\next4_lock_group(ac->ac_sb, group);\n  if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) // Unreachable\n   goto out;\n\nAfter commit 9008a58e5dce (\"ext4: make the bitmap read routines return\nreal error codes\") merged, Commit 163a203ddb36 (\"ext4: mark block group\nas corrupt on block bitmap error\") is no real solution for allocating\nblocks from corrupted block groups. This is because if\n'EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info)' is true, then\n'ext4_mb_load_buddy()' may return an error. This means that the block\nallocation will fail.\nTherefore, check block group if corrupted when ext4_mb_load_buddy()\nreturns error.","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-05 16:16:16","updated_at":"2026-05-06 13:08:07"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/2d31a5073f86a177edf44015e0dedb0c47cfd6d8","name":"https://git.kernel.org/stable/c/2d31a5073f86a177edf44015e0dedb0c47cfd6d8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1c0d7c4cde38a887c6d74e0c89ddb25226943c78","name":"https://git.kernel.org/stable/c/1c0d7c4cde38a887c6d74e0c89ddb25226943c78","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/1895f7904be71c48f1e6f338b28f24dabd6b8aeb","name":"https://git.kernel.org/stable/c/1895f7904be71c48f1e6f338b28f24dabd6b8aeb","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/0b84571c886719823d537f05f4f07cad6357c4b7","name":"https://git.kernel.org/stable/c/0b84571c886719823d537f05f4f07cad6357c4b7","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/46066e3a06647c5b186cc6334409722622d05c44","name":"https://git.kernel.org/stable/c/46066e3a06647c5b186cc6334409722622d05c44","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/ffc0a282462d45fee5957621be5afa29752f3b6d","name":"https://git.kernel.org/stable/c/ffc0a282462d45fee5957621be5afa29752f3b6d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/9370207b36d26e45a8c8ef0500706d37036edd6b","name":"https://git.kernel.org/stable/c/9370207b36d26e45a8c8ef0500706d37036edd6b","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/fea6b2e250ff48f10d166011b57a8516ae5438c9","name":"https://git.kernel.org/stable/c/fea6b2e250ff48f10d166011b57a8516ae5438c9","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43068","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43068","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 fea6b2e250ff48f10d166011b57a8516ae5438c9 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 0b84571c886719823d537f05f4f07cad6357c4b7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 ffc0a282462d45fee5957621be5afa29752f3b6d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 2d31a5073f86a177edf44015e0dedb0c47cfd6d8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 9370207b36d26e45a8c8ef0500706d37036edd6b git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 1895f7904be71c48f1e6f338b28f24dabd6b8aeb git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 1c0d7c4cde38a887c6d74e0c89ddb25226943c78 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 163a203ddb36c36d4a1c942aececda0cc8d06aa7 46066e3a06647c5b186cc6334409722622d05c44 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 3.12","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 3.12 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.10.253 5.10.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.15.203 5.15.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.168 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.131 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.80 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.21 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.11 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["fs/ext4/mballoc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"fea6b2e250ff48f10d166011b57a8516ae5438c9","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"0b84571c886719823d537f05f4f07cad6357c4b7","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"ffc0a282462d45fee5957621be5afa29752f3b6d","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"2d31a5073f86a177edf44015e0dedb0c47cfd6d8","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"9370207b36d26e45a8c8ef0500706d37036edd6b","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"1895f7904be71c48f1e6f338b28f24dabd6b8aeb","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"1c0d7c4cde38a887c6d74e0c89ddb25226943c78","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"},{"lessThan":"46066e3a06647c5b186cc6334409722622d05c44","status":"affected","version":"163a203ddb36c36d4a1c942aececda0cc8d06aa7","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["fs/ext4/mballoc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"3.12"},{"lessThan":"3.12","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"5.10.*","status":"unaffected","version":"5.10.253","versionType":"semver"},{"lessThanOrEqual":"5.15.*","status":"unaffected","version":"5.15.203","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.168","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.131","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.80","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.21","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.11","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.10.253","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"5.15.203","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.168","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.131","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.80","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.21","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.11","versionStartIncluding":"3.12","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"3.12","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\n\nThere's issue as follows:\n...\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): error count since last fsck: 1\nEXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760\nEXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760\n...\n\nAccording to the log analysis, blocks are always requested from the\ncorrupted block group. This may happen as follows:\next4_mb_find_by_goal\n  ext4_mb_load_buddy\n   ext4_mb_load_buddy_gfp\n     ext4_mb_init_cache\n      ext4_read_block_bitmap_nowait\n      ext4_wait_block_bitmap\n       ext4_validate_block_bitmap\n        if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))\n         return -EFSCORRUPTED; // There's no logs.\n if (err)\n  return err;  // Will return error\next4_lock_group(ac->ac_sb, group);\n  if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) // Unreachable\n   goto out;\n\nAfter commit 9008a58e5dce (\"ext4: make the bitmap read routines return\nreal error codes\") merged, Commit 163a203ddb36 (\"ext4: mark block group\nas corrupt on block bitmap error\") is no real solution for allocating\nblocks from corrupted block groups. This is because if\n'EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info)' is true, then\n'ext4_mb_load_buddy()' may return an error. This means that the block\nallocation will fail.\nTherefore, check block group if corrupted when ext4_mb_load_buddy()\nreturns error."}],"providerMetadata":{"dateUpdated":"2026-05-05T15:23:27.371Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/fea6b2e250ff48f10d166011b57a8516ae5438c9"},{"url":"https://git.kernel.org/stable/c/0b84571c886719823d537f05f4f07cad6357c4b7"},{"url":"https://git.kernel.org/stable/c/ffc0a282462d45fee5957621be5afa29752f3b6d"},{"url":"https://git.kernel.org/stable/c/2d31a5073f86a177edf44015e0dedb0c47cfd6d8"},{"url":"https://git.kernel.org/stable/c/9370207b36d26e45a8c8ef0500706d37036edd6b"},{"url":"https://git.kernel.org/stable/c/1895f7904be71c48f1e6f338b28f24dabd6b8aeb"},{"url":"https://git.kernel.org/stable/c/1c0d7c4cde38a887c6d74e0c89ddb25226943c78"},{"url":"https://git.kernel.org/stable/c/46066e3a06647c5b186cc6334409722622d05c44"}],"title":"ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43068","datePublished":"2026-05-05T15:23:27.371Z","dateReserved":"2026-05-01T14:12:55.982Z","dateUpdated":"2026-05-05T15:23:27.371Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-05 16:16:16","lastModifiedDate":"2026-05-06 13:08:07","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43068","Ordinal":"1","Title":"ext4: avoid allocate block from corrupted group in ext4_mb_find_","CVE":"CVE-2026-43068","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43068","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\n\nThere's issue as follows:\n...\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): error count since last fsck: 1\nEXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760\nEXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760\n...\n\nAccording to the log analysis, blocks are always requested from the\ncorrupted block group. This may happen as follows:\next4_mb_find_by_goal\n  ext4_mb_load_buddy\n   ext4_mb_load_buddy_gfp\n     ext4_mb_init_cache\n      ext4_read_block_bitmap_nowait\n      ext4_wait_block_bitmap\n       ext4_validate_block_bitmap\n        if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))\n         return -EFSCORRUPTED; // There's no logs.\n if (err)\n  return err;  // Will return error\next4_lock_group(ac->ac_sb, group);\n  if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) // Unreachable\n   goto out;\n\nAfter commit 9008a58e5dce (\"ext4: make the bitmap read routines return\nreal error codes\") merged, Commit 163a203ddb36 (\"ext4: mark block group\nas corrupt on block bitmap error\") is no real solution for allocating\nblocks from corrupted block groups. This is because if\n'EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info)' is true, then\n'ext4_mb_load_buddy()' may return an error. This means that the block\nallocation will fail.\nTherefore, check block group if corrupted when ext4_mb_load_buddy()\nreturns error.","Type":"Description","Title":"ext4: avoid allocate block from corrupted group in ext4_mb_find_"}]}}}