CVE-2026-23388

Squashfs: check metadata block offset is within range

Description

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset. This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access. The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.

INFO

Published Date :

2026-03-25T10:28:06.224Z

Last Modified :

2026-04-18T08:58:25.502Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2026-23388 vulnerability.

Vendors	Products
Linux	Linux Kernel

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23388.

URL	Resource
https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3
https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713
https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2
https://git.kernel.org/stable/c/3f68a9457a6190814377577374da75f872e0a013
https://git.kernel.org/stable/c/60f679f643f3f36a8571ea585e4ce5d93ef952b5
https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383
https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c
https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d
https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23388-9e71@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23388
https://www.cve.org/CVERecord?id=CVE-2026-23388

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact