CVE-2026-45943 Linux CVE debrief

Who should care

Linux system administrators running kernels with EROFS support, particularly those using compressed read-only filesystem images in container or embedded environments; security teams monitoring for local denial-of-service conditions; kernel maintainers tracking filesystem driver stability

Technical summary

The EROFS filesystem driver contains a race condition in ztailpacking pcluster handling where compressed folios may be assumed valid before actual validation occurs. When read_mapping_folio() is interrupted by a fatal signal, the inline data read fails with -EINTR (-4), but the pcluster is still added to I/O chains. Subsequent decompression attempts in z_erofs_decompress_queue() dereference NULL at offset 0x8, resulting in kernel panic. The fix reorders operations to ensure inline data availability before pcluster chain insertion.

Defensive priority

high

Recommended defensive actions

• Apply kernel patches from stable branches (5.15.y, 6.1.y, 6.6.y, 6.12.y) once available through distribution channels
• Monitor distribution security advisories for backported fixes
• Consider disabling EROFS if not required for system operation as temporary risk reduction
• Review systems using EROFS with ztailpacking-enabled images for potential stability concerns
• Implement kernel crash monitoring to detect potential exploitation attempts via NULL pointer dereference signatures

Evidence notes

Vulnerability confirmed via kernel commit messages and NVD entry. Multiple stable kernel branches received patches. No CVSS score assigned as of publication. Not listed in CISA KEV catalog.

Official resources