CVE-2026-45991
CVSS v3.1 severity: HIGH
Type: CWE-787 Out-of-bounds write
Publication date: 27/05/2026
Last modified: 19/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

udf: fix partition descriptor append bookkeeping

Mounting a crafted UDF image with repeated partition descriptors can
trigger a heap out-of-bounds write in part_descs_loc[].

handle_partition_descriptor() deduplicates entries by partition number,
but appended slots never record partnum. As a result duplicate
Partition Descriptors are appended repeatedly and num_part_descs keeps
growing.

Once the table is full, the growth path still sizes the allocation from
partnum even though inserts are indexed by num_part_descs. If partnum is
already aligned to PART_DESC_ALLOC_STEP, ALIGN(partnum, step) can keep
the old capacity and the next append writes past the end of the table.

Store partnum in the appended slot and size growth from the next append
count so deduplication and capacity tracking follow the same model.
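
The bookkeeping described above, as a user-space model added to this entry (not the kernel's code or the upstream patch). `STEP = 32` and the initial capacity are assumptions, and `struct table`, `handle_desc` and `run` are hypothetical names. The model tracks only capacity and count, and returns -1 where an append index would fall outside the table instead of writing there.

```c
#include <stdio.h>
#include <string.h>
#define STEP 32u        /* assumed value of PART_DESC_ALLOC_STEP */
#define MODEL_MAX 256u  /* model's own backing store; the model never overflows */
#define ALIGN_UP(x, a) ((((x) + (a) - 1u) / (a)) * (a))

struct table {                    /* hypothetical stand-in for the scan data */
    unsigned partnum[MODEL_MAX];  /* per-slot partition number, zeroed at start */
    unsigned cap;                 /* models the table's allocated size */
    unsigned count;               /* models num_part_descs */
};

/* Process one descriptor: slot index used, or -1 if the append is out of bounds. */
static int handle_desc(struct table *t, unsigned partnum, int fixed)
{
    for (unsigned i = 0; i < t->count; i++)
        if (t->partnum[i] == partnum)
            return (int)i;                  /* duplicate: reuse existing slot */
    if (t->count >= t->cap) {
        /* before the fix: sized from partnum; after: from the next append count */
        unsigned want = fixed ? t->count + 1u : partnum;
        t->cap = ALIGN_UP(want, STEP);
    }
    if (t->count >= t->cap || t->count >= MODEL_MAX)
        return -1;                          /* index past capacity */
    if (fixed)
        t->partnum[t->count] = partnum;     /* record partnum so dedup can match */
    return (int)t->count++;
}

/* Feed n descriptors numbered first, first+stride, ...; return first OOB index or -1. */
static int run(unsigned first, unsigned stride, unsigned n, int fixed, unsigned *used)
{
    struct table t;
    int oob = -1;
    memset(&t, 0, sizeof(t));
    t.cap = STEP;                           /* assumed initial capacity */
    for (unsigned k = 0; k < n && oob < 0; k++)
        if (handle_desc(&t, first + k * stride, fixed) < 0)
            oob = (int)k;
    *used = t.count;
    return oob;
}

int main(void)
{
    unsigned used;
    printf("before fix: first OOB at descriptor %d\n", run(32, 0, 100, 0, &used));
    printf("after fix:  first OOB at descriptor %d\n", run(32, 0, 100, 1, &used));
}
```

With the fix modelled, 100 repeated descriptors occupy a single slot, and 100 distinct partition numbers grow the table in steps without any append passing its capacity.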
Impact
Base score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.18.7 (including) | 4.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.1 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 7.0.4 (excluding) |
| cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:4.19:rc8:*:*:*:*:*:* | | |
References to solutions, tools and information
- https://git.kernel.org/stable/c/058b451b1039f056d1362c4fec2229e522366ab0
- https://git.kernel.org/stable/c/08841b06fa64d8edbd1a21ca6e613420c90cc4b8
- https://git.kernel.org/stable/c/08fa5d818e5bf53c7ca234d88ba334f32004e9b6
- https://git.kernel.org/stable/c/68013a9bd4c01acd42073715f00e1a1992f089ee
- https://git.kernel.org/stable/c/ad3c0c4400686f6f37b382aaa48fac2b9aefccbe
- https://git.kernel.org/stable/c/b5597bb83fc37b5b5da74a4453fa920b932cf39a
- https://git.kernel.org/stable/c/e8474cfbac9ada2cdaa4eaedec22aadfa0f58559



