Out of Bounds Access in Linux Kernel's Squashfs Affects Multiple Systems
CVE-2026-23388
What is CVE-2026-23388?
The vulnerability in the Linux kernel's Squashfs module arises from improper handling of metadata block offsets, specifically when a corrupted index lookup table leads to negative offsets. This scenario causes an out of bounds access in the function squashfs_copy_data, potentially compromising system security. The issue has been addressed by implementing checks in the squashfs_read_metadata function to ensure that offsets are within valid ranges, effectively mitigating the risk associated with corrupted metadata.
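The kind of range check described above, as an added user-space example (not the kernel's code or the actual patch): a signed offset taken from untrusted on-disk metadata is validated before any copy. The names model_block, model_read_metadata, model_demo and MODEL_METADATA_SIZE are hypothetical, and the sample block is constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define MODEL_METADATA_SIZE 8192 /* model constant: max uncompressed metadata block */

struct model_block {             /* hypothetical stand-in for a cached metadata block */
    uint8_t data[MODEL_METADATA_SIZE];
    int length;                  /* number of valid bytes in data */
};

/*
 * Copy up to `length` bytes from `blk`, starting at a signed `offset` that
 * came from untrusted on-disk metadata. Returns the number of bytes copied,
 * or -EIO when the request cannot be trusted.
 */
int model_read_metadata(void *dst, const struct model_block *blk,
                        int offset, int length)
{
    if (blk->length < 0 || blk->length > MODEL_METADATA_SIZE || length < 0)
        return -EIO;
    /* Range check before any copy: a negative offset would make
     * blk->data + offset point before the start of the buffer. */
    if (offset < 0 || offset >= blk->length)
        return -EIO;
    if (length > blk->length - offset)   /* clamp a read that runs past the end */
        length = blk->length - offset;
    memcpy(dst, blk->data + offset, (size_t)length);
    return length;
}

/* Constructed sample: a 64-byte block whose bytes equal their index. */
int model_demo(int offset, int length)
{
    static struct model_block blk;
    uint8_t out[MODEL_METADATA_SIZE];
    int i;

    blk.length = 64;
    for (i = 0; i < blk.length; i++)
        blk.data[i] = (uint8_t)i;
    return model_read_metadata(out, &blk, offset, length);
}
```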

Affected Version(s)
Linux f400e12656ab518be107febfe2315fb1eab5a342 < 0c8ab092aec3ac4294940054772d30b511b16713
Linux f400e12656ab518be107febfe2315fb1eab5a342 < 6b847d65f5b0065e02080c61fad93d57d6686383
Linux f400e12656ab518be107febfe2315fb1eab5a342 < 9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c