PatchSiren

CVE-2026-43068 Linux CVE debrief

CVE-2026-43068 is a Linux kernel ext4 issue where delayed block allocation can fail when the allocator keeps targeting a corrupted block group. The reported symptom is repeated allocation failures followed by ext4 warnings that data may be lost. NVD rates the issue MEDIUM (CVSS 5.5) because it is locally reachable and can disrupt availability.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-05
Original CVE updated: 2026-05-20
Advisory published: 2026-05-05
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distribution kernel teams, and administrators running ext4 on affected kernel versions should care, especially where filesystem corruption or recovery scenarios are possible.

Technical summary

The report says ext4_mb_find_by_goal() can end up allocating from a block group already marked corrupted. After the bitmap-read path was changed to return real error codes, ext4_mb_load_buddy() may fail before the later corruption check is reached, so the allocator can return an error instead of skipping the bad group. NVD classifies the impact as availability-only, with local access required and no user interaction.

Defensive priority

Medium

Recommended defensive actions

  • Apply the relevant stable kernel fixes referenced by NVD for your supported kernel line.
  • Prioritize updates on systems that rely on ext4 and are exposed to filesystem corruption or repeated allocation errors.
  • Watch kernel logs for repeated ext4 delayed block allocation failures and related corruption messages.
  • If a system shows these errors, follow normal filesystem recovery and integrity-check procedures before returning it to service.
  • Confirm your deployed kernel falls within one of the affected version ranges listed by NVD.
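
For the log-watching action above, a small scanner, added here as an example and not taken from NVD, the kernel project, or the original debrief. It matches the ext4 delayed-allocation failure message and the accompanying data-loss warning per device; the sample lines are constructed, and the function name and alert threshold are assumptions.

```python
import re
import sys
from collections import Counter

# ext4 message printed when writeback of delayed-allocated blocks fails.
ALLOC_FAIL = re.compile(
    r"EXT4-fs \((?P<dev>[^)]+)\): Delayed block allocation failed for inode "
    r"\d+ at logical offset \d+ with max blocks \d+ with error (?P<err>-?\d+)"
)
# Follow-up warning that ext4 prints after the failure above.
DATA_LOSS = re.compile(
    r"EXT4-fs \((?P<dev>[^)]+)\): This should not happen!! Data will be lost"
)
THRESHOLD = 3  # assumption: failures per device before it is flagged


def scan(lines, threshold=THRESHOLD):
    """Return flagged devices with failure count, data-loss count, error codes."""
    fails, loss, errs = Counter(), Counter(), {}
    for line in lines:
        m = ALLOC_FAIL.search(line)
        if m:
            fails[m["dev"]] += 1
            errs.setdefault(m["dev"], set()).add(int(m["err"]))
            continue
        m = DATA_LOSS.search(line)
        if m:
            loss[m["dev"]] += 1
    # Flag a device on repeated failures, or on any data-loss warning.
    return {
        dev: {"failures": n, "data_loss": loss[dev], "errors": sorted(errs[dev])}
        for dev, n in fails.items()
        if n >= threshold or loss[dev]
    }


# Constructed sample in dmesg format; device names and numbers are made up.
FAIL = "EXT4-fs ({}): Delayed block allocation failed for inode {} at logical offset 0 with max blocks 8 with error {}"
SAMPLE = [
    "[ 1201.10] " + FAIL.format("sdb1", 18, 117),
    "[ 1201.11] EXT4-fs (sdb1): This should not happen!! Data will be lost",
    "[ 1206.40] " + FAIL.format("sdb1", 18, 117),
    "[ 1211.72] " + FAIL.format("sdb1", 21, 117),
    "[ 1300.05] " + FAIL.format("sda2", 7, 5),
]

if __name__ == "__main__":
    # Usage: scanner.py [saved-kernel-log]; no argument scans SAMPLE.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for dev, info in scan(source).items():
        print(f"{dev}: {info}")
```

A flagged device is a candidate for the recovery and integrity-check step in the next action; a single isolated failure without the data-loss warning stays below the threshold.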

Evidence notes

CVE publishedAt is 2026-05-05T16:16:16.053Z and modifiedAt is 2026-05-20T23:09:44.863Z. The source description includes repeated EXT4-fs delayed allocation failures and states that blocks are always requested from the corrupted block group. NVD lists affected Linux kernel ranges from 3.12 through multiple maintained branches up to the stated fixed versions, plus 7.0 release candidates. NVD also lists patch references on git.kernel.org.

Official resources

CVE published on 2026-05-05 and last modified on 2026-05-20.