CVE-2026-43209

Summary

In the Linux kernel, the following vulnerability has been resolved:

minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently support any other value for s_log_zone_size than 0. This is also the only value supported in util-linux; see mkfs.minix.c line 511. In addition, this patch adds some sanity checking for the other minix superblock fields, and moves the minix_blocks_needed() checks for the zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < a051ecf5c5b0387840dc210413ed3bc7fbdaa69caffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d791c544efd6b9c944b43cf7f502e5bcb02fb941affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 66c7c239c65341f99ae388d4d53dc9df2bcb9925affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2bb588cede1c1969e49c0a2822c8cb8b346b7682affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < f57ccd4657c7f082dc47e5b9e18a883bb5f9118faffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 31fefc18096cdc5549cfa54964d90e0b3229aedcaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1efc128ee4adbc23e082715425ff895449d233bcaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 8c97a6ddc95690a938ded44b4e3202f03f15078caffected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux5.10.252 <= 5.10.*unaffected
LinuxLinux5.15.202 <= 5.15.*unaffected
LinuxLinux6.1.165 <= 6.1.*unaffected
LinuxLinux6.6.128 <= 6.6.*unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References