CVE-2026-23388
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
25/03/2026
Última modificación:
25/03/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
Squashfs: check metadata block offset is within range<br />
<br />
Syzkaller reports a "general protection fault in squashfs_copy_data"<br />
<br />
This is ultimately caused by a corrupted index look-up table, which<br />
produces a negative metadata block offset.<br />
<br />
This is subsequently passed to squashfs_copy_data (via<br />
squashfs_read_metadata) where the negative offset causes an out of bounds<br />
access.<br />
<br />
The fix is to check that the offset is within range in<br />
squashfs_read_metadata. This will trap this and other cases.
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3
- https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713
- https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2
- https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383
- https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c
- https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d