Home

Description

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset. This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access. The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.

PUBLISHED Reserved 2026-01-13 | Published 2026-03-25 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 60f679f643f3f36a8571ea585e4ce5d93ef952b5
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 3f68a9457a6190814377577374da75f872e0a013
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 0c8ab092aec3ac4294940054772d30b511b16713
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 6b847d65f5b0065e02080c61fad93d57d6686383
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 01ee0bcc29864b78249308e8b35042b09bbf5fe3
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before 3b9499e7d677dd4366239a292238489a804936b2
affected

f400e12656ab518be107febfe2315fb1eab5a342 (git) before fdb24a820a5832ec4532273282cbd4f22c291a0d
affected

Default status
affected

2.6.29
affected

Any version before 2.6.29
unaffected

5.10.253 (semver)
unaffected

5.15.203 (semver)
unaffected

6.1.167 (semver)
unaffected

6.6.130 (semver)
unaffected

6.12.77 (semver)
unaffected

6.18.17 (semver)
unaffected

6.19.7 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/60f679f643f3f36a8571ea585e4ce5d93ef952b5

git.kernel.org/...c/3f68a9457a6190814377577374da75f872e0a013

git.kernel.org/...c/0c8ab092aec3ac4294940054772d30b511b16713

git.kernel.org/...c/6b847d65f5b0065e02080c61fad93d57d6686383

git.kernel.org/...c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c

git.kernel.org/...c/01ee0bcc29864b78249308e8b35042b09bbf5fe3

git.kernel.org/...c/3b9499e7d677dd4366239a292238489a804936b2

git.kernel.org/...c/fdb24a820a5832ec4532273282cbd4f22c291a0d

cve.org (CVE-2026-23388)

nvd.nist.gov (CVE-2026-23388)

Download JSON