CVE-2026-23388

EUVD-2026-15388
In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check metadata block offset is within range

Syzkaller reports a "general protection fault in squashfs_copy_data"

This is ultimately caused by a corrupted index look-up table, which
produces a negative metadata block offset.

This is subsequently passed to squashfs_copy_data (via
squashfs_read_metadata) where the negative offset causes an out of bounds
access.

The fix is to check that the offset is within range in
squashfs_read_metadata.  This will trap this and other cases.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
2.6.29.1 ≤
𝑥
< 5.10.253
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.203
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.167
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.130
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.77
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.17
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.7
linuxlinux_kernel
2.6.29
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
linuxlinux_kernel
7.0:rc7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
6.1.170-3
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.4-1
fixed
sid
7.0.4-1
fixed
trixie
vulnerable
trixie (security)
6.12.86-1
fixed
linux-6.1
bullseye (security)
6.1.170-3~deb11u1
fixed
Common Weakness Enumeration
References
https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3
https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713
https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2
https://git.kernel.org/stable/c/3f68a9457a6190814377577374da75f872e0a013
https://git.kernel.org/stable/c/60f679f643f3f36a8571ea585e4ce5d93ef952b5
https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383
https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c
https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d