Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset. This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access. The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.29.1, < 5.10.253 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3Patch
- https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713Patch
- https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2Patch
- https://git.kernel.org/stable/c/3f68a9457a6190814377577374da75f872e0a013Patch
- https://git.kernel.org/stable/c/60f679f643f3f36a8571ea585e4ce5d93ef952b5Patch
- https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383Patch
- https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7cPatch
- https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0dPatch
FAQ
What is CVE-2026-23388?
CVE-2026-23388 is a vulnerability with a CVSS score of 7.1 (HIGH). In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This i...
How severe is CVE-2026-23388?
CVE-2026-23388 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23388?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.