Bug 2467093 (CVE-2026-43154)

Summary: CVE-2026-43154 kernel: erofs: fix incorrect early exits in volume label handling
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's EROFS filesystem. Crafted EROFS images containing valid volume labels can trigger incorrect early returns during volume label handling, leading to folio reference leaks. This issue could potentially lead to minor resource exhaustion, but it does not cause system crashes or other severe issues.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-06 13:03:52 UTC 
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix incorrect early exits in volume label handling

Crafted EROFS images containing valid volume labels can trigger
incorrect early returns, leading to folio reference leaks.

However, this does not cause system crashes or other severe issues.
Comment 1 Keith Grant 2026-05-06 19:01:09 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050629-CVE-2026-43154-9c24@gregkh/T