CVE-2026-43179
Description
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix incorrect early exits for invalid metabox-enabled images
Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks.
However, this does not cause system crashes or other severe issues.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Crafted EROFS images with metadata compression can trigger incorrect early exits, causing folio reference leaks in the Linux kernel.
Vulnerability Description
CVE-2026-43179 is a vulnerability in the Linux kernel's EROFS (Enhanced Read-Only File System) implementation. The issue occurs when a specially crafted EROFS image with metadata compression (metabox) enabled is mounted. The kernel's error handling logic can execute incorrect early returns from functions processing metabox data, causing the system to skip necessary cleanup routines. This results in folio (page cache) reference count leaks, where the kernel loses track of references to memory pages. [1]
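The pattern behind this CVE, as an added illustration that is not the kernel's or EROFS's own code: a function takes a reference on a folio, validates crafted metabox data, and returns early on failure without dropping that reference. The `struct folio`, `metabox_hdr`, flag and limit names below are hypothetical stand-ins; the fixed variant shows the single-exit cleanup that the patch description implies.

```c
#include <errno.h>
#include <stdint.h>

/* Minimal model of a page-cache folio with a reference count.
   Illustrative stand-in only, not the kernel's struct folio. */
struct folio { int refcount; };

static void folio_get(struct folio *f) { f->refcount++; }
static void folio_put(struct folio *f) { f->refcount--; }

/* Constructed metabox-style header: a length field and a flag byte. */
struct metabox_hdr { uint32_t len; uint8_t flags; };

#define METABOX_MAX_LEN    4096   /* hypothetical sanity limit */
#define METABOX_FLAG_VALID 0x01   /* hypothetical "well-formed" bit */

/* Buggy variant: early returns on invalid data skip the folio_put(). */
static int parse_metabox_leaky(struct folio *f, const struct metabox_hdr *h)
{
    folio_get(f);                     /* pin the metadata folio */
    if (!(h->flags & METABOX_FLAG_VALID))
        return -EINVAL;               /* BUG: returns without folio_put() */
    if (h->len > METABOX_MAX_LEN)
        return -EINVAL;               /* BUG: same leak on a second path */
    folio_put(f);
    return 0;
}

/* Fixed variant: every exit path funnels through one cleanup label,
   so the reference is dropped on success and on every error. */
static int parse_metabox_fixed(struct folio *f, const struct metabox_hdr *h)
{
    int err = 0;

    folio_get(f);
    if (!(h->flags & METABOX_FLAG_VALID)) { err = -EINVAL; goto out; }
    if (h->len > METABOX_MAX_LEN)         { err = -EINVAL; goto out; }
out:
    folio_put(f);                     /* runs on both success and error paths */
    return err;
}

/* Check used by the assertions below: how many references did a parse
   leave behind, relative to the single pre-existing owner? */
static int leaked_refs(int (*parse)(struct folio *, const struct metabox_hdr *),
                       const struct metabox_hdr *h)
{
    struct folio f = { .refcount = 1 };
    parse(&f, h);
    return f.refcount - 1;            /* 0 means balanced, >0 means leaked */
}
```

Each crafted image that hits an early return in the buggy variant leaves one extra reference; over repeated mounts that is the slow memory exhaustion the advisory describes.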
Exploitation and Impact
To exploit this vulnerability, an attacker must be able to mount a maliciously crafted EROFS filesystem image. This typically requires a local user with sufficient privileges to mount filesystems, or a scenario in which an attacker can supply an image that is mounted automatically (e.g., via a removable device or network filesystem). No network access or authentication is involved beyond the ability to perform the mount; the impact is local to the system. The bug resides in the kernel's filesystem code, so no user interaction is required after the mount. The primary consequence is a memory resource leak: each malformed image can cause the loss of one or more folio references. [1][2]
Impact Severity and Mitigation
Despite the reference leak, the Linux kernel developers assess that this vulnerability does not lead to system crashes or other severe security issues such as privilege escalation or data corruption [1]. The CVSS v3 score is 5.5 (Medium), reflecting the limited impact (availability degradation through memory exhaustion over time). If an attacker repeatedly mounts crafted images, the leaked references can eventually exhaust system memory, leading to denial of service. The fix is included in stable kernel updates; affected users should apply the latest patches from their distribution. No workarounds are known, but not mounting untrusted EROFS images mitigates the risk. [3]
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.
References: 3
News mentions: 0 (no linked articles in the index yet)