CVE-2026-23388

EUVD-2026-15388

25.03.2026, 11:16

In the Linux kernel, the following vulnerability has been resolved:

Squashfs: check metadata block offset is within range

Syzkaller reports a "general protection fault in squashfs_copy_data"

This is ultimately caused by a corrupted index look-up table, which
produces a negative metadata block offset.

This is subsequently passed to squashfs_copy_data (via
squashfs_read_metadata) where the negative offset causes an out of bounds
access.

The fix is to check that the offset is within range in
squashfs_read_metadata.  This will trap this and other cases.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.19.8-1 fixed
sid	6.19.8-1 fixed
trixie	vulnerable
trixie (security)	vulnerable

References

https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3

https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713

https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2

https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383

https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c

https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d