PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43365 Git CVE debrief

CVE-2026-43365 is a Linux kernel XFS issue where an undersized in-core log roundoff value can be set when the superblock does not list a log stripe unit. The supplied record says this can corrupt logs and leave filesystems unmountable, especially when a filesystem is created or tested on media with 4k physical sectors. NVD rates the issue 8.2 HIGH.

Vendor
Git
Product
Unknown
CVSS
HIGH 8.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-11
Advisory published
2026-05-08
Advisory updated
2026-05-11

Who should care

Linux administrators, kernel maintainers, storage and virtualization teams, and anyone operating XFS filesystems on systems that may be upgraded, cloned, fuzzed, or deployed on 4k-sector storage.

Technical summary

Per the CVE description, XFS may initialize the in-core log roundoff value to 512 when the superblock has no log stripe unit. On 4k physical-sector media, that value is too small for the log geometry shown in the report, which can lead to torn-write detection, failed log tail location, log mount/recovery failure, and an unmountable filesystem. The record also notes this can arise from a broken mkfs path, but that ondisk superblocks can also be fuzzed, so the kernel-side check needed to be more cautious.

Defensive priority

High. The issue can affect filesystem integrity and availability, with reported outcomes including corrupt logs and failed mounts. Systems using XFS on 4k-sector storage should be treated as priority for patching and validation.

Recommended defensive actions

  • Apply the Linux kernel fix that addresses undersized l_iclog_roundoff handling once it is available in your distribution or stable branch.
  • Check whether your XFS deployments use 4k physical-sector devices or images created by affected mkfs workflows.
  • Validate backups and recovery procedures for any XFS volumes that showed log mount/recovery errors.
  • Review kernel and storage-layer logs for XFS messages such as torn write, failed to locate log tail, or log mount/recovery failed.
  • If you maintain images or installers, ensure the mkfs path does not generate inconsistent XFS log geometry.
  • Track vendor advisories and kernel stable backports before rolling affected systems back into service.

Evidence notes

The source corpus states that when the superblock does not list a log stripe unit, XFS sets the in-core log roundoff value to 512, which can corrupt logs and make filesystems unmountable on 4k physical-sector media. The CVE was published on 2026-05-08 and modified on 2026-05-11. The supplied NVD record includes multiple official kernel.org stable commit references, but their commit contents are not available in the provided corpus, so this debrief limits itself to the described behavior and impact.

Official resources

Publicly disclosed in the CVE/NVD record on 2026-05-08 15:16:47.490Z and last modified on 2026-05-11 08:16:11.273Z, based on the supplied timeline fields.