VYPR
Medium severity · 5.5 · NVD Advisory · Published May 6, 2026 · Updated May 11, 2026

CVE-2026-43209

Description

In the Linux kernel, the following vulnerability has been resolved:

minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently support any other value for s_log_zone_size than 0. This is also the only value supported in util-linux; see mkfs.minix.c line 511. In addition, this patch adds some sanity checking for the other minix superblock fields, and moves the minix_blocks_needed() checks for the zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel minix filesystem lacked superblock validation, enabling potential system crash via crafted filesystem image.

Bug

Description

The Linux kernel's fs/minix implementation lacked sufficient sanity checking in minix_check_superblock(). The minix filesystem code did not validate that s_log_zone_size is zero, which is the only value supported by the implementation and by util-linux mkfs.minix. Other superblock fields also lacked proper bounds checking, allowing an attacker to craft a malicious minix filesystem image that could trigger out-of-bounds access when the kernel tries to read zone or inode bitmaps. The issue was reported via a syzbot bug report and was resolved by adding validation and moving the minix_blocks_needed() checks for the zone map (zmap) and inode map (imap) into minix_check_superblock() [1][2].

Exploitation

Exploitation requires an attacker to mount a specially crafted minix filesystem image. This could occur through physical access, a malicious USB drive, or a network-based filesystem share if the attacker can control the image. No authentication is needed beyond the ability to trigger a mount operation. The vulnerability is purely in the superblock parsing logic, so crafted data at mount time is sufficient to trigger the flaw. The attacker does not need to write to the filesystem; merely reading the forged superblock fields triggers the vulnerability [3][4].

Impact

A successful exploit can cause a denial-of-service (DoS) by crashing the kernel (e.g., through a NULL pointer dereference or memory corruption). The CVSS v3 score of 5.5 (Medium) reflects the requirement for local access or physical media insertion; the impact is on system availability. No privilege escalation or data exfiltration has been described; the primary consequence is a system panic or hang [1][4].

Mitigation

The fix is included in Linux kernel stable updates. Users should apply the latest kernel patches from their distribution to ensure that minix_check_superblock() performs the necessary validation. There is no workaround other than avoiding the use of untrusted minix filesystems or blocking the minix kernel module if it is not required. The vulnerability is not known to be exploited in the wild (not listed on CISA KEV as of publication) [2][3].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
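
A pre-mount triage check for the two conditions the description names, as an added example (not the kernel patch and not code from this page): it reads a v1/v2 minix superblock from an image and flags a non-zero s_log_zone_size or bitmap block counts below what minix_blocks_needed() requires. The field layout and magic values follow the kernel's include/uapi/linux/minix_fs.h; make_image() and its sample values are constructed, and v3 superblocks are not handled.

```python
import struct

# struct minix_super_block (v1/v2): six u16, u32 s_max_size, u16 s_magic,
# u16 s_state, u32 s_zones. It starts 1024 bytes into the image.
SB_OFFSET, SB_FMT, BLOCK_SIZE = 1024, "<6HI2HI", 1024
# magic -> version (v1 keeps the zone count in s_nzones, v2 in s_zones)
MAGICS = {0x137F: 1, 0x138F: 1, 0x2468: 2, 0x2478: 2}

def blocks_needed(bits, blocksize=BLOCK_SIZE):
    """Bitmap blocks needed to hold `bits` bits (kernel: minix_blocks_needed)."""
    return -(-bits // (blocksize * 8))

def check_minix_superblock(image: bytes):
    """Return a list of problems; an empty list means these checks passed."""
    end = SB_OFFSET + struct.calcsize(SB_FMT)
    if len(image) < end:
        return ["image too short to hold a superblock"]
    (ninodes, nzones, imap_blocks, zmap_blocks, firstdatazone,
     log_zone_size, _max_size, magic, _state, zones) = struct.unpack(
        SB_FMT, image[SB_OFFSET:end])
    version = MAGICS.get(magic)
    if version is None:
        return [f"not a minix v1/v2 magic: {magic:#06x}"]
    if version == 2:
        nzones = zones
    problems = []
    if log_zone_size != 0:
        problems.append(f"s_log_zone_size is {log_zone_size}, only 0 is supported")
    if imap_blocks < blocks_needed(ninodes):
        problems.append("s_imap_blocks too small for s_ninodes")
    # The <= 0 guard is this example's own addition, not taken from the patch.
    zone_bits = nzones - firstdatazone + 1
    if zone_bits <= 0 or zmap_blocks < blocks_needed(zone_bits):
        problems.append("s_zmap_blocks or s_firstdatazone inconsistent with zone count")
    return problems

def make_image(ninodes, nzones, imap, zmap, first, logz, magic=0x138F):
    """Constructed sample: zero-filled image holding only a v1 superblock."""
    sb = struct.pack(SB_FMT, ninodes, nzones, imap, zmap, first, logz, 0, magic, 0, 0)
    return bytes(SB_OFFSET) + sb

if __name__ == "__main__":
    for label, img in (("consistent", make_image(480, 1440, 1, 1, 19, 0)),
                       ("inconsistent", make_image(65535, 65535, 1, 1, 19, 3))):
        print(label, check_minix_superblock(img) or "ok")
```

A clean result only means these specific fields are consistent; it does not replace running a patched kernel or keeping the minix module unavailable where it is not needed.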
