CVE-2026-43168
Description
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix reflink preserve cleanup issue
commit c06c303832ec ("ocfs2: fix xattr array entry __counted_by error") doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be shifted by one unit after cleanup an array entry. - current code logic doesn't cleanup the first entry when xh_count is 1.
Note, commit c06c303832ec is also a bug fix for 0fe9b66c65f3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A flaw in ocfs2's reflink xattr cleanup can cause memory corruption, allowing local attackers to potentially crash the system.
Vulnerability
Description
In the Linux kernel's ocfs2 filesystem, the reflink operation's cleanup of preserved xattr entries contains a bug introduced by a previous fix (commit c06c303832ec). The 'last' pointer is not correctly shifted after removing an array entry, and the first entry is not cleaned when xh_count is 1. This results in incomplete cleanup and potential memory corruption [1][2][3][4].
Attack
Vector
An attacker with local access and the ability to trigger reflink operations could exploit this flaw. The vulnerability does not require special authentication beyond standard user privileges; any local user capable of performing reflink on ocfs2 mounts could potentially trigger the bug.
Impact
The improper cleanup leads to memory corruption, which could cause a system crash (denial of service) or potentially be leveraged for privilege escalation, though the primary impact is instability. The CVSS v3 base score is 5.5 (Medium).
Mitigation
The Linux kernel community has released fixes in multiple stable branches, as referenced in the linked commits. Users should update their kernels to the latest patched versions. No workaround is available; applying the kernel update is the recommended action.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/02acc9f72365e50eb45a56b7dacb9114ca3b503cnvdPatch
- git.kernel.org/stable/c/2f4daccd9d9b8b2952df7878df8c2e8ba6439398nvdPatch
- git.kernel.org/stable/c/3bdc3766aafb052aef4baadef455a84c1c0a059dnvdPatch
- git.kernel.org/stable/c/5138c936c2c82c9be8883921854bc6f7e1177d8cnvdPatch
- git.kernel.org/stable/c/8ff329353134280b203cb2bce95311cb8f7cbd8anvdPatch
- git.kernel.org/stable/c/b2952dbeac2c3c527cb0519d5ffaeb95b062466anvdPatch
- git.kernel.org/stable/c/bb273b68c1719c2925e05557f7e7099edb066680nvdPatch
- git.kernel.org/stable/c/c44d86ca949cb1e5566ad14510cc26fa1a17e2d8nvdPatch
News mentions
0No linked articles in our index yet.