PatchSiren cyber security CVE debrief

CVE-2026-43063 Linux CVE debrief

A use-after-free vulnerability in the Linux kernel's XFS filesystem recovery code could allow local attackers to cause memory corruption. The flaw exists in xfs_attri_recover_work, where an inode reference release (irele) is attempted after a failed iget operation, even though the xlog_recovery_iget* helpers never set the inode pointer to a valid value on their error paths. The result is a dereference of a dangling pointer during XFS log recovery.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-05
Original CVE updated: 2026-05-29
Advisory published: 2026-05-05
Advisory updated: 2026-05-29

Who should care

Linux system administrators, kernel maintainers, and organizations running XFS filesystems on affected kernel versions, particularly those exposing local filesystem operations to untrusted users or handling XFS image recovery.

Technical summary

The xfs_attri_recover_work function in the Linux kernel's XFS log recovery path incorrectly calls irele on an inode pointer after xlog_recovery_iget* fails. These helper functions do not initialize the inode pointer to a valid value when returning an error, so irele operates on a dangling pointer. This use-after-free condition during XFS attribute recovery can lead to memory corruption; the attack vector is local.
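To make the defect shape concrete, here is an added, constructed C model (not the kernel's XFS code; the inode cache, recovery_iget, irele, recover_work_buggy and recover_work_fixed are all stand-ins) showing the error path that releases a never-assigned pointer beside the corrected one:

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed stand-ins for the kernel's inode, inode cache, iget and irele;
 * none of this is XFS source. Two cached inodes exist: ino 100 and 200. */
struct xfs_inode { uint64_t ino; int refcount; };
static struct xfs_inode cache[2] = { {100, 0}, {200, 0} };
static int bad_irele_count; /* releases of a pointer that is not a held cache inode */
/* Mirrors the page's description of xlog_recovery_iget*: on failure it returns
 * an error and leaves *ipp untouched, so the caller's pointer keeps its old value. */
static int recovery_iget(uint64_t ino, struct xfs_inode **ipp)
{
    for (size_t i = 0; i < 2; i++)
        if (cache[i].ino == ino) { cache[i].refcount++; *ipp = &cache[i]; return 0; }
    return -2; /* ENOENT; *ipp deliberately not written */
}

/* Instrumented release: the real irele dereferences ip unconditionally; here a
 * pointer that is not a held cache entry is counted instead of dereferenced. */
static void irele(struct xfs_inode *ip)
{
    for (size_t i = 0; i < 2; i++)
        if (ip == &cache[i] && cache[i].refcount > 0) { cache[i].refcount--; return; }
    bad_irele_count++;
}

/* Buggy shape: the error path jumps to a common exit that releases ip
 * even though the failed iget never assigned it. */
int recover_work_buggy(uint64_t ino)
{
    struct xfs_inode *ip = (struct xfs_inode *)(uintptr_t)0xdeadbeef; /* stack garbage stand-in */
    int error = recovery_iget(ino, &ip);
    if (error)
        goto out;
    /* attribute recovery work on ip would go here */
out:
    irele(ip); /* on the error path this is the dangling-pointer use */
    return error;
}
/* Fixed shape: return straight from the iget failure; release only what was acquired. */
int recover_work_fixed(uint64_t ino)
{
    struct xfs_inode *ip = NULL;
    int error = recovery_iget(ino, &ip);
    if (error)
        return error; /* nothing to release */
    irele(ip);       /* recovery work on ip would precede this */
    return 0;
}
int bad_irele_seen(void) { return bad_irele_count; }
int cache_refcount(size_t slot) { return cache[slot].refcount; }
```

With a lookup that fails, the buggy variant records one release of a pointer that was never acquired, while the fixed variant returns the error without touching it.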

Defensive priority

HIGH

Recommended defensive actions

  • Apply the appropriate stable kernel patch for your affected version branch as referenced in the official kernel Git repositories.
  • Prioritize patching systems that process untrusted XFS filesystem images or participate in log recovery scenarios.
  • Monitor for kernel updates from your Linux distribution vendor that incorporate the fixed XFS recovery code.
  • Restrict local access to systems where untrusted users may introduce crafted XFS filesystem images for recovery.

Evidence notes

The vulnerability description confirms xlog_recovery_iget* never sets @ip to a valid pointer on error return, making subsequent irele a use-after-free. NVD CPE data indicates affected Linux kernel versions from 6.10 through 6.12.80, 6.13 through 6.18.21, 6.19 through 6.19.11, and 7.0-rc1 through 7.0-rc5. CVSS 3.1 vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields score 7.8 (HIGH). Four stable kernel patches are available.

Official resources

2026-05-05T16:16:15.467Z