CVE-2026-46094

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
27/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

The bounds check for the next xattr entry in check_xattrs() uses (void *)next >= end, which allows next to point within sizeof(u32) bytes of end. On the next loop iteration, IS_LAST_ENTRY() reads 4 bytes via *(__u32 *)(entry), which can overrun the valid xattr region.

For example, if next lands at end - 1, the check passes since next end, ensuring there is always enough space for the IS_LAST_ENTRY() read on the subsequent iteration.
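
The following user-space model is an added example, not kernel code and not the upstream patch. It walks a constructed entry list with the weak check from the description and with a stricter check that leaves room for the 4-byte terminator read. The entry layout, the names `walk_xattrs`, `bad_region` and `good_region`, and the exact form of the strict check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR sizeof(uint32_t)  /* bytes an IS_LAST_ENTRY()-style test reads */

/* Simplified layout (assumption, not the ext4 on-disk format): every entry
 * starts with a 4-byte header whose first byte is the entry's total length;
 * an all-zero header terminates the list. Both regions are constructed. */
static const uint8_t bad_region[8]   = {7, 'u', 's', 'e', 'r', '.', 'a', 0};
static const uint8_t good_region[12] = {8, 'u', 's', 'e', 'r', '.', 'a', 0,
                                        0, 0, 0, 0};

/* Returns -1 if the region is rejected as corrupt, otherwise the number of
 * bytes past the end that the terminator read would touch (0 = in bounds).
 * The overrun is computed; the out-of-bounds read is never performed. */
static int walk_xattrs(const uint8_t *buf, size_t len, int strict)
{
    size_t off = 0;                        /* offset of the current entry */

    for (;;) {
        uint32_t hdr;
        size_t next;

        if (off + HDR > len)               /* terminator read crosses end */
            return (int)(off + HDR - len);
        memcpy(&hdr, buf + off, HDR);      /* models *(__u32 *)(entry) */
        if (hdr == 0)
            return 0;                      /* last entry, read in bounds */
        if (buf[off] == 0)
            return -1;                     /* zero length would never advance */
        next = off + buf[off];
        /* weak: next >= end; strict (assumed form): next + 4 > end */
        if (strict ? next + HDR > len : next >= len)
            return -1;
        off = next;
    }
}

int main(void)
{
    printf("weak check, next at end-1:   %d bytes past end\n",
           walk_xattrs(bad_region, sizeof(bad_region), 0));
    printf("strict check, next at end-1: %d (rejected)\n",
           walk_xattrs(bad_region, sizeof(bad_region), 1));
    printf("strict check, valid list:    %d\n",
           walk_xattrs(good_region, sizeof(good_region), 1));
    return 0;
}
```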

Impact