CVE-2026-43179

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix incorrect early exits for invalid metabox-enabled images

Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system crashes or other severe issues.

References

https://git.kernel.org/stable/c/643575d5a4f24b23b0c54aa20aa74a4abed8ff5e

https://git.kernel.org/stable/c/56e4a84220045b6af0f1efc11825b39217c7decf

https://git.kernel.org/stable/c/041b5163bb9b2e81050bcd885b3373bf2f42d5f5

Details

Source: MITRE, NVD

Published: 2026-05-06

Updated: 2026-05-06

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00017