2467208 – (CVE-2026-43209) CVE-2026-43209 kernel: minix: Add required sanity checking to minix_check_superblock()

Bug 2467208 (CVE-2026-43209) - CVE-2026-43209 kernel: minix: Add required sanity checking to minix_check_superblock()

Summary: CVE-2026-43209 kernel: minix: Add required sanity checking to minix_check_sup...

Keywords:
Status:	NEW
Alias:	CVE-2026-43209
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-06 13:10 UTC by OSIDB Bzimport
Modified:	2026-05-06 21:41 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-06 13:10:54 UTC

In the Linux kernel, the following vulnerability has been resolved:

minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently
support any other value for s_log_zone_size than 0. This is also the
only value supported in util-linux; see mkfs.minix.c line 511. In
addition, this patch adds some sanity checking for the other minix
superblock fields, and moves the minix_blocks_needed() checks for the
zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.

Comment 1 Keith Grant 2026-05-06 21:37:22 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050648-CVE-2026-43209-3ed2@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.