PatchSiren cyber security CVE debrief

CVE-2026-46078 Linux CVE debrief

A vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation allows out-of-bounds memory reads when processing crafted filesystem images. The issue affects trailing directory entries (dirents), whose name offset (nameoff) values were not validated before being used in a strnlen() length calculation. When a malicious EROFS image contains a trailing dirent whose nameoff is equal to or greater than maxsize (the valid extent of the directory block), the unsigned subtraction maxsize - nameoff underflows, and strnlen() is handed a huge bound that lets it read beyond the allocated directory block. Additionally, nameoff0 validation was missing an alignment check against sizeof(struct erofs_dirent). The vulnerability was resolved through kernel patches that add proper boundary verification and alignment checks for nameoff values in trailing dirent processing.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators, kernel maintainers, and security teams managing systems that mount EROFS filesystem images from external or untrusted sources

Technical summary

The EROFS filesystem driver in the Linux kernel failed to validate nameoff values for trailing directory entries before calculating name lengths with strnlen(). A crafted EROFS image with nameoff >= maxsize causes unsigned integer underflow in maxsize - nameoff; the wrapped value becomes the strnlen() bound, so the scan runs past the directory block and results in out-of-bounds memory reads. The fix adds boundary checks and verifies that nameoff0 is aligned to sizeof(struct erofs_dirent).
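The check the fix describes, rebuilt as a user-space validator for one EROFS directory block. This is an added example for this debrief, not code from the kernel patch or the EROFS project: the on-disk dirent layout (12 bytes: 64-bit nid, 16-bit nameoff, file type, reserved byte) and EROFS_NAME_LEN (255) are taken from the kernel's on-disk format definitions, while the function names, error codes and the three sample blocks are constructed here. It applies the nameoff0 alignment check, then validates every nameoff against [nameoff0, maxsize) before any length arithmetic, so the trailing-dirent bound maxsize - nameoff can no longer wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On-disk EROFS directory entry: 12 bytes, little-endian fields. */
struct erofs_dirent {
    uint64_t nid;       /* node number of the entry */
    uint16_t nameoff;   /* byte offset of the name inside the directory block */
    uint8_t  file_type;
    uint8_t  reserved;
} __attribute__((packed));

#define EROFS_NAME_LEN 255  /* maximum name length, as in the kernel's on-disk header */

/* Error codes are constructed for this example, not kernel values. */
enum {
    DIRENT_BAD_SIZE   = -1,  /* block too small to hold a single dirent */
    DIRENT_BAD_ALIGN  = -2,  /* nameoff0 is not a multiple of sizeof(struct erofs_dirent) */
    DIRENT_BAD_OFFSET = -3,  /* a nameoff lies outside [nameoff0, maxsize) or names are out of order */
    DIRENT_BAD_NAME   = -4,  /* empty or over-long name */
};

static uint16_t rd_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/*
 * Validate one directory block of `maxsize` bytes. Returns the number of
 * dirents on success (the trailing name's length is stored through
 * *last_namelen when non-NULL), or a negative DIRENT_* code on corruption.
 */
int erofs_check_dirblock(const uint8_t *blk, size_t maxsize, size_t *last_namelen)
{
    const size_t desz = sizeof(struct erofs_dirent);
    const size_t off_nameoff = offsetof(struct erofs_dirent, nameoff);

    if (maxsize < desz)
        return DIRENT_BAD_SIZE;

    /* nameoff of the first dirent doubles as the end of the dirent array. */
    uint16_t nameoff0 = rd_le16(blk + off_nameoff);
    if (nameoff0 % desz)                      /* the alignment check the fix adds */
        return DIRENT_BAD_ALIGN;
    if (nameoff0 == 0 || nameoff0 > maxsize)
        return DIRENT_BAD_OFFSET;
    size_t ndirents = nameoff0 / desz;

    /*
     * Pass 1: every nameoff must land inside the name area [nameoff0, maxsize).
     * Rejecting nameoff >= maxsize here is the boundary check the fix adds;
     * without it the trailing bound `maxsize - nameoff` wraps around in
     * unsigned arithmetic and strnlen() would scan past the block.
     */
    for (size_t i = 0; i < ndirents; i++) {
        uint16_t nameoff = rd_le16(blk + i * desz + off_nameoff);
        if (nameoff < nameoff0 || nameoff >= maxsize)
            return DIRENT_BAD_OFFSET;
    }

    /* Pass 2: derive each name length, now that the subtraction cannot wrap. */
    for (size_t i = 0; i < ndirents; i++) {
        uint16_t nameoff = rd_le16(blk + i * desz + off_nameoff);
        size_t namelen;
        if (i + 1 < ndirents) {
            /* Interior dirent: its name ends where the next name starts. */
            uint16_t next = rd_le16(blk + (i + 1) * desz + off_nameoff);
            if (next <= nameoff)
                return DIRENT_BAD_OFFSET;
            namelen = (size_t)next - nameoff;
        } else {
            /* Trailing dirent: bounded scan, safe because nameoff < maxsize. */
            namelen = strnlen((const char *)blk + nameoff, maxsize - nameoff);
            if (last_namelen)
                *last_namelen = namelen;
        }
        if (namelen == 0 || namelen > EROFS_NAME_LEN)
            return DIRENT_BAD_NAME;
    }
    return (int)ndirents;
}

/* Convenience wrapper: trailing name length on success, negative code otherwise. */
long erofs_trailing_namelen(const uint8_t *blk, size_t maxsize)
{
    size_t n = 0;
    int rc = erofs_check_dirblock(blk, maxsize, &n);
    return rc < 0 ? rc : (long)n;
}

/* Constructed 32-byte block: two dirents with names "a" and "bc", then zero padding. */
const uint8_t good_block[32] = {
    1,0,0,0,0,0,0,0,  24,0, 2,0,   /* nid 1, nameoff 24 -> "a" */
    2,0,0,0,0,0,0,0,  25,0, 1,0,   /* nid 2, nameoff 25 -> "bc" (trailing dirent) */
    'a','b','c', 0,0,0,0,0
};

/* Constructed: the trailing dirent's nameoff (40) is beyond maxsize (32). */
const uint8_t bad_trailing_block[32] = {
    1,0,0,0,0,0,0,0,  24,0, 2,0,
    2,0,0,0,0,0,0,0,  40,0, 1,0,
    'a', 0,0,0,0,0,0,0
};

/* Constructed: nameoff0 = 13 is not a multiple of sizeof(struct erofs_dirent). */
const uint8_t misaligned_block[32] = {
    1,0,0,0,0,0,0,0,  13,0, 2,0,
    0,0,0,0,0,0,0,0,  0,0, 0,0,
    0,0,0,0,0,0,0,0
};

int main(void)
{
    printf("good:       %d dirents, trailing name length %ld\n",
           erofs_check_dirblock(good_block, sizeof good_block, NULL),
           erofs_trailing_namelen(good_block, sizeof good_block));
    printf("bad nameoff: %d\n", erofs_check_dirblock(bad_trailing_block, sizeof bad_trailing_block, NULL));
    printf("misaligned:  %d\n", erofs_check_dirblock(misaligned_block, sizeof misaligned_block, NULL));
    return 0;
}
```

The two-pass layout is deliberate: offsets are proven in range before any of them feeds a subtraction, which is the property the fix restores. A validator like this is useful for pre-screening EROFS images from external sources before they are mounted.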

Defensive priority

Medium

Recommended defensive actions

  • Apply kernel updates containing the referenced stable commits when available through distribution channels
  • Review systems mounting untrusted EROFS images and restrict such operations to isolated environments
  • Monitor vendor security advisories for kernel package updates addressing CVE-2026-46078
  • Validate EROFS image sources and integrity before mounting in production environments

Evidence notes

Vulnerability description confirms the issue is resolved in Linux kernel. Multiple stable kernel commits provided indicate backports to supported branches. No CVSS score or severity assigned by NVD at time of disclosure. No KEV listing present.

Official resources

2026-05-27