CVE-2026-46094
Published: May 27, 2026
Modified: May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

The bounds check for the next xattr entry in check_xattrs() uses (void *)next >= end, which allows next to point within sizeof(u32) bytes of end. On the next loop iteration, IS_LAST_ENTRY() reads 4 bytes via *(__u32 *)(entry), which can overrun the valid xattr region.

For example, if next lands at end - 1, the check passes since next < end, but IS_LAST_ENTRY() reads 4 bytes starting at end - 1, accessing 3 bytes beyond the valid region.

Fix this by changing the check to (void *)next + sizeof(u32) > end, ensuring there is always enough space for the IS_LAST_ENTRY() read on the subsequent iteration.
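The difference between the two checks, as an added example that is not the kernel's code: a simplified user-space model that walks entries by offset and reports, without performing it, how many bytes of the 4-byte terminator read would fall past `end`. The names `next_off`, `walk` and `demo`, the 16-byte entry header and the 4-byte rounding are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_SIZE 16u /* assumed fixed header size of one entry */
#define ROUND    3u  /* assumed: entries padded to a multiple of 4 bytes */

enum check { CHECK_OLD, CHECK_FIXED };

/* Offset of the entry after the one at off; byte 0 of an entry is its name length. */
static size_t next_off(const uint8_t *buf, size_t off)
{
    return off + ((buf[off] + ROUND + HDR_SIZE) & ~(size_t)ROUND);
}

/* Walk entries in buf[0..end). Returns the number of bytes past end that the
 * 4-byte terminator read would touch (0 = none), or -1 if the bounds check
 * rejects the region. The overrunning read is reported, never performed. */
static int walk(const uint8_t *buf, size_t end, enum check mode)
{
    size_t off = 0;
    for (;;) {
        uint32_t word;
        if (off + sizeof(word) > end)          /* stand-in for IS_LAST_ENTRY() */
            return (int)(off + sizeof(word) - end);
        memcpy(&word, buf + off, sizeof(word));
        if (word == 0)
            return 0;                          /* terminator: end of list */
        size_t next = next_off(buf, off);
        int bad = (mode == CHECK_OLD) ? (next >= end)
                                      : (next + sizeof(uint32_t) > end);
        if (bad)
            return -1;
        off = next;
    }
}

/* Constructed sample: one entry with a 16-byte name, so next lands at offset 32. */
static int demo(enum check mode, size_t end)
{
    uint8_t buf[64] = {0};
    buf[0] = 16;
    return walk(buf, end, mode);
}

int main(void)
{
    printf("end=33 old=%d fixed=%d\n", demo(CHECK_OLD, 33), demo(CHECK_FIXED, 33));
    printf("end=36 old=%d fixed=%d\n", demo(CHECK_OLD, 36), demo(CHECK_FIXED, 36));
    return 0;
}
```

With `end = 33` the next entry sits at `end - 1`, the case the description walks through; with `end = 36` the region is well-formed and both checks accept it.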
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 3478c83cf26bbffd026ae6a56bcb1fe544f0834e - < ab6da97bc310db35d4e4ef5354bc3ff626b0698c; affected 3478c83cf26bbffd026ae6a56bcb1fe544f0834e - < 5a5314d2387633a272a04d1bd8727f99058e4e68; affected 3478c83cf26bbffd026ae6a56bcb1fe544f0834e - < 537e065977022aa22f2c2503e8accaf16622e0fd; affected 3478c83cf26bbffd026ae6a56bcb1fe544f0834e - < 520986722dbf869c122252123fc161c7302eab7d; affected 3478c83cf26bbffd026ae6a56bcb1fe544f0834e - < eceafc31ea7b42c984ece10d79d505c0bb6615d5 |
| Linux | Linux | affected 6.3; unaffected 0 - < 6.3; unaffected 6.6.140 - <= 6.6.*; unaffected 6.12.86 - <= 6.12.*; unaffected 6.18.27 - <= 6.18.*; +2 more versions |