Description
In the Linux kernel, the following vulnerability has been resolved:

ext4: reject mount if bigalloc with s_first_data_block != 0

bigalloc with s_first_data_block != 0 is not supported, reject mounting
it.
Published: 2026-04-22
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In this vulnerability the Linux kernel rejects mounting an ext4 filesystem that uses the bigalloc feature while the s_first_data_block field is non-zero. This issue corresponds to CWE‑1288 (File System Format Validity Issue). The failure arises from an unchecked filesystem format condition that causes the mount operation to abort, leading to a denial of service for any process that requires access to the affected partition.

Affected Systems

The flaw impacts any Linux system that runs a kernel version that does not yet include the patch that adds the check against s_first_data_block. Administrators should consider all unpatched kernels as vulnerable, especially when ext4 filesystems are created with bigalloc enabled. The CNA vendor list shows only Linux, and no specific version ranges are provided, so all legacy kernels are potentially affected.

Risk and Exploitability

The latest CVSS score of 7.8 classifies this issue as high severity. The flaw is recognized as CWE‑1288, a file system format validity issue. Because the EPSS score is below 1%, exploitation is currently unlikely, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; an attacker with root privileges or the ability to mount filesystems can trigger a denial of service by attempting to mount a bigalloc-enabled ext4 partition where s_first_data_block is non-zero. This will abort the mount operation and render the filesystem unavailable, but does not affect confidentiality or integrity.

Generated by OpenCVE AI on May 7, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that contains the patch that restricts bigalloc usage when s_first_data_block is non-zero.
  • Avoid creating ext4 filesystems with the bigalloc feature or ensure that s_first_data_block is set to zero for any required partitions; do not use bigalloc on production systems.
  • If an immediate kernel upgrade is not possible, reformat the affected ext4 filesystem without the bigalloc feature or remount it with corrected parameters that satisfy the kernel check.
  • Monitor mount attempts on the affected filesystems for failures and log such events to detect any misuse or exploitation attempts.

Generated by OpenCVE AI on May 7, 2026 at 20:52 UTC.
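
For the audit step implied by the recommended actions above, the following is an added example (not code from the kernel patch or from OpenCVE) that reads the primary ext4 superblock of an image or block device and flags the bigalloc plus non-zero s_first_data_block combination. It assumes the standard ext4 on-disk layout (superblock at byte offset 1024, little-endian fields); the function names check_superblock and make_sample and the result labels are hypothetical.

```python
import struct

# Assumed standard ext4 on-disk layout; offsets are relative to the superblock.
SB_OFFSET = 1024              # primary superblock starts 1024 bytes into the device
SB_SIZE = 1024
OFF_FIRST_DATA_BLOCK = 0x14   # __le32 s_first_data_block
OFF_MAGIC = 0x38              # __le16 s_magic
OFF_RO_COMPAT = 0x64          # __le32 s_feature_ro_compat
EXT4_MAGIC = 0xEF53
RO_COMPAT_BIGALLOC = 0x0200   # EXT4_FEATURE_RO_COMPAT_BIGALLOC


def check_superblock(image: bytes) -> str:
    """Classify the first 2 KiB of an image: 'not-ext4', 'ok' or 'unsupported'."""
    sb = image[SB_OFFSET:SB_OFFSET + SB_SIZE]
    if len(sb) < OFF_RO_COMPAT + 4:          # truncated read, nothing to parse
        return "not-ext4"
    (magic,) = struct.unpack_from("<H", sb, OFF_MAGIC)
    if magic != EXT4_MAGIC:
        return "not-ext4"
    (first_data_block,) = struct.unpack_from("<I", sb, OFF_FIRST_DATA_BLOCK)
    (ro_compat,) = struct.unpack_from("<I", sb, OFF_RO_COMPAT)
    # The combination the description calls unsupported: bigalloc enabled
    # while s_first_data_block is non-zero.
    if ro_compat & RO_COMPAT_BIGALLOC and first_data_block != 0:
        return "unsupported"
    return "ok"


def make_sample(first_data_block: int, ro_compat: int, magic: int = EXT4_MAGIC) -> bytes:
    """Constructed sample: zero-filled 2 KiB image with only the three fields set."""
    img = bytearray(SB_OFFSET + SB_SIZE)
    struct.pack_into("<I", img, SB_OFFSET + OFF_FIRST_DATA_BLOCK, first_data_block)
    struct.pack_into("<H", img, SB_OFFSET + OFF_MAGIC, magic)
    struct.pack_into("<I", img, SB_OFFSET + OFF_RO_COMPAT, ro_compat)
    return bytes(img)


if __name__ == "__main__":
    import sys
    # Usage: pass image files or block devices to audit (read-only access).
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, check_superblock(f.read(SB_OFFSET + SB_SIZE)))
```

Only the first 2 KiB of each target is read, so the check can run against images before they are ever handed to mount.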

Advisories
Source | ID | Title
Debian DLA | DLA-4561-1 | linux-6.1 security update
Debian DSA | DSA-6238-1 | linux security update
Debian DSA | DSA-6243-1 | linux security update

History

Thu, 07 May 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*

Mon, 27 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Thu, 23 Apr 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1288
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 22 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with s_first_data_block != 0 bigalloc with s_first_data_block != 0 is not supported, reject mounting it.
Title ext4: reject mount if bigalloc with s_first_data_block != 0
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:08:53.131Z

Reserved: 2026-03-09T15:48:24.091Z

Link: CVE-2026-31447

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-04-22T14:16:38.577

Modified: 2026-05-07T19:18:42.230

Link: CVE-2026-31447

Red Hat

Severity: Moderate

Public Date: 2026-04-22T00:00:00Z

Links: CVE-2026-31447 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-07T21:00:13Z