CVE-2026-43179

EUVD-2026-27741
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix incorrect early exits for invalid metabox-enabled images

Crafted EROFS images with metadata compression enabled can trigger
incorrect early returns, leading to folio reference leaks.

However, this does not cause system crashes or other severe issues.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
fixed
bookworm (security)
6.1.170-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-4
fixed
forky
6.19.14-1
fixed
sid
7.0.4-1
fixed
trixie
6.12.73-1
fixed
trixie (security)
6.12.86-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/041b5163bb9b2e81050bcd885b3373bf2f42d5f5
https://git.kernel.org/stable/c/56e4a84220045b6af0f1efc11825b39217c7decf
https://git.kernel.org/stable/c/643575d5a4f24b23b0c54aa20aa74a4abed8ff5e