Linux Kernel Vulnerability in ext4 Filesystem Affects Block Allocation
CVE-2026-43067
What is CVE-2026-43067?
In the Linux kernel, a vulnerability has been introduced in the ext4 filesystem's handling of block allocation for files that use indirect mapping. The allocator can mistakenly attempt to allocate blocks beyond the 32-bit limit, particularly when the filesystem contains both extent-mapped and indirect-block-mapped files. This can happen when inappropriate group indices are used, leading to potential issues during block allocation. To mitigate this risk, a safety clamp has been proposed to ensure that block allocations stay within safe group limits.
Affected Version(s)
Linux 9d89b9d55e25cb340c5b4b769876edc551b7a9ff
Linux 1b0edd6022a3f44ce87fea9959a9310f4628fbea < 83170a05908b6cf2fb3235d3065bf613ff866f3c
Linux 9eea2f57d11b30049ff996ac3eff6e0dc8089e5f < 4bec4a498ce86314d470ae6144120461f2138c29