CVE-2026-45943
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-125
Lectura fuera de límites
Fecha de publicación:
27/05/2026
Última modificación:
24/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
erofs: fix inline data read failure for ztailpacking pclusters<br />
<br />
Compressed folios for ztailpacking pclusters must be valid before adding<br />
these pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster()<br />
may assume they are already valid and then trigger a NULL pointer<br />
dereference.<br />
<br />
It is somewhat hard to reproduce because the inline data is in the same<br />
block as the tail of the compressed indexes, which are usually read just<br />
before. However, it may still happen if a fatal signal arrives while<br />
read_mapping_folio() is running, as shown below:<br />
<br />
erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4<br />
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008<br />
<br />
...<br />
<br />
pc : z_erofs_decompress_queue+0x4c8/0xa14<br />
lr : z_erofs_decompress_queue+0x160/0xa14<br />
sp : ffffffc08b3eb3a0<br />
x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000<br />
x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001<br />
x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700<br />
x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098<br />
x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004<br />
x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9<br />
x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000<br />
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f<br />
x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020<br />
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000<br />
Call trace:<br />
z_erofs_decompress_queue+0x4c8/0xa14<br />
z_erofs_runqueue+0x908/0x97c<br />
z_erofs_read_folio+0x128/0x228<br />
filemap_read_folio+0x68/0x128<br />
filemap_get_pages+0x44c/0x8b4<br />
filemap_read+0x12c/0x5b8<br />
generic_file_read_iter+0x4c/0x15c<br />
do_iter_readv_writev+0x188/0x1e0<br />
vfs_iter_read+0xac/0x1a4<br />
backing_file_read_iter+0x170/0x34c<br />
ovl_read_iter+0xf0/0x140<br />
vfs_read+0x28c/0x344<br />
ksys_read+0x80/0xf0<br />
__arm64_sys_read+0x24/0x34<br />
invoke_syscall+0x60/0x114<br />
el0_svc_common+0x88/0xe4<br />
do_el0_svc+0x24/0x30<br />
el0_svc+0x40/0xa8<br />
el0t_64_sync_handler+0x70/0xbc<br />
el0t_64_sync+0x1bc/0x1c0<br />
<br />
Fix this by reading the inline data before allocating and adding<br />
the pclusters to the I/O chains.
Impacto
Puntuación base 3.x
7.10
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.17 (incluyendo) | 6.12.78 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (incluyendo) | 6.18.14 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 6.19.4 (excluyendo) |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página



