{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43154", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.989Z", "datePublished": "2026-05-06T11:27:35.116Z", "dateUpdated": "2026-05-11T22:18:48.424Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:18:48.424Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix incorrect early exits in volume label handling\n\nCrafted EROFS images containing valid volume labels can trigger\nincorrect early returns, leading to folio reference leaks.\n\nHowever, this does not cause system crashes or other severe issues."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/erofs/super.c"], "versions": [{"version": "1cf12c7177410afcb53f815315d1247ea57fae4f", "lessThan": "8d8a878ef60801d867119b3df6a93e2982d62a71", "status": "affected", "versionType": "git"}, {"version": "1cf12c7177410afcb53f815315d1247ea57fae4f", "lessThan": "d498bd168494ad4a4bce16192bfb9ce04ca19c9a", "status": "affected", "versionType": "git"}, {"version": "1cf12c7177410afcb53f815315d1247ea57fae4f", "lessThan": "3afa4da38802a4cba1c23848a32284e7e57b831b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/erofs/super.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8d8a878ef60801d867119b3df6a93e2982d62a71"}, {"url": "https://git.kernel.org/stable/c/d498bd168494ad4a4bce16192bfb9ce04ca19c9a"}, {"url": "https://git.kernel.org/stable/c/3afa4da38802a4cba1c23848a32284e7e57b831b"}], "title": "erofs: fix incorrect early exits in volume label handling", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0D300DB-AA68-4962-981D-EF9F5E97AACF", "versionEndExcluding": "6.18.16", "versionStartIncluding": "6.18", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67", "versionEndExcluding": "6.19.6", "versionStartIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix incorrect early exits in volume label handling\n\nCrafted EROFS images containing valid volume labels can trigger\nincorrect early returns, leading to folio reference leaks.\n\nHowever, this does not cause system crashes or other severe issues."}], "id": "CVE-2026-43154", "lastModified": "2026-05-13T20:06:24.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-05-06T12:16:33.193", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3afa4da38802a4cba1c23848a32284e7e57b831b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8d8a878ef60801d867119b3df6a93e2982d62a71"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d498bd168494ad4a4bce16192bfb9ce04ca19c9a"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: erofs: fix incorrect early exits in volume label handling", "id": "2467093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467093"}, "csaw": false, "cwe": "CWE-459", "details": ["A flaw was found in the Linux kernel's EROFS filesystem. Crafted EROFS images containing valid volume labels can trigger incorrect early returns during volume label handling, leading to folio reference leaks. This issue could potentially lead to minor resource exhaustion, but it does not cause system crashes or other severe issues."], "name": "CVE-2026-43154", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43154\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43154\nhttps://lore.kernel.org/linux-cve-announce/2026050629-CVE-2026-43154-9c24@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1cf12c7177410afcb53f815315d1247ea57fae4f,8d8a878ef60801d867119b3df6a93e2982d62a71)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1cf12c7177410afcb53f815315d1247ea57fae4f,d498bd168494ad4a4bce16192bfb9ce04ca19c9a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[1cf12c7177410afcb53f815315d1247ea57fae4f,3afa4da38802a4cba1c23848a32284e7e57b831b)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.16,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.6,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-06T13:45:04.297431+00:00", "updated": "2026-05-13T22:00:06.582083+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}