CVE-2026-43063 - Vulnerability Details

- xfs: don't irele after failing to iget in xfs_attri_recover_work

Description

In the Linux kernel, the following vulnerability has been resolved:

xfs: don't irele after failing to iget in xfs_attri_recover_work

xlog_recovery_iget* never set @ip to a valid pointer if they return
an error, so this irele will walk off a dangling pointer. Fix that.

Published: 2026-05-05

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel’s XFS file system recovery path causes a release operation to be performed on a dangling pointer when attribute recovery fails to obtain an inode reference. This results in memory corruption that can trigger a kernel crash or panic, compromising system availability and potentially exposing the machine to additional instability. The issue is a classic use‑of‑invalid‑pointer scenario, classified as a memory management flaw (CWE‑825).

Affected Systems

All Linux kernel releases that include the XFS file system are potentially impacted, as the flaw resides in core XFS module code. No specific version range is listed, so any installation using an unpatched kernel remains at risk until the patch is applied.

Risk and Exploitability

The severity of the flaw is significant, with a CVSS score of 7.8, and the EPSS score indicates a very low probability of exploitation (<1%). It is not listed in the CISA KEV catalog. The likely attack vector is local, inferred from the description: the vulnerability is triggered during XFS attribute recovery, which could be induced by intentional filesystem corruption or disk errors. Exploitation would require an attacker to create the fault condition, which may be possible through malicious filesystem manipulation or physical media compromise. Due to the potential for system downtime, administrators should treat this as an urgent risk even without a publicly available exploit.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`ae673f534a30976ce5e709c4535a59c12b786ef3`	affected	< b5c5a50c2f513d4a13a6763564a07b470e69cc5a
`ae673f534a30976ce5e709c4535a59c12b786ef3`	affected	< a1a5df1038f0b3c560d204270373621a4e622808
`ae673f534a30976ce5e709c4535a59c12b786ef3`	affected	< 40082d08b638485cbaa543dc8087a3d1844d6f08
`ae673f534a30976ce5e709c4535a59c12b786ef3`	affected	< 70685c291ef82269180758130394ecdc4496b52c

Linux

affected

Version	Status	Constraints
`6.10`	affected	—
`0`	unaffected	< 6.10
`6.12.80`	unaffected	≤ 6.12.*
`6.18.21`	unaffected	≤ 6.18.*
`6.19.11`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[ae673f534a30976ce5e709c4535a59c12b786ef3,b5c5a50c2f513d4a13a6763564a07b470e69cc5a)`	affected	code_commit	—
`[ae673f534a30976ce5e709c4535a59c12b786ef3,a1a5df1038f0b3c560d204270373621a4e622808)`	affected	code_commit	—
`[ae673f534a30976ce5e709c4535a59c12b786ef3,40082d08b638485cbaa543dc8087a3d1844d6f08)`	affected	code_commit	—
`[ae673f534a30976ce5e709c4535a59c12b786ef3,70685c291ef82269180758130394ecdc4496b52c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.10`	affected	generic	—
`[0,6.10)`	unaffected	generic	—
`[0,6.13.0)`	unaffected	generic	—
`[0,6.19.0)`	unaffected	generic	—
`[0,6.20.0)`	unaffected	generic	—
`[0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that includes the XFS attribute recovery fix or rebuild the kernel from a source tree containing the patch
If a patch cannot be applied immediately, consider disabling XFS usage on critical systems or migrating to an alternative filesystem until the kernel is updated
Configure system monitoring to alert on kernel oopses or panics, and isolate the affected host to prevent further disruption while remediation is pending

Generated by OpenCVE AI on May 8, 2026 at 16:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/40082d08b638485cbaa543dc8087a3d1844d6f08
https://git.kernel.org/stable/c/70685c291ef82269180758130394ecdc4496b52c
https://git.kernel.org/stable/c/a1a5df1038f0b3c560d204270373621a4e622808
https://git.kernel.org/stable/c/b5c5a50c2f513d4a13a6763564a07b470e69cc5a
https://lore.kernel.org/linux-cve-announce/2026050531-CVE-2026-43063-4bdd@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43063
https://www.cve.org/CVERecord?id=CVE-2026-43063

History

Fri, 08 May 2026 13:00:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 06 May 2026 16:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-476

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-825
References		https://lore.kernel.org/linux-cve-announce/2026050531-CVE-2026-43063-4bdd@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43063 https://www.cve.org/CVERecord?id=CVE-2026-43063
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Tue, 05 May 2026 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-476

Tue, 05 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that.
Title		xfs: don't irele after failing to iget in xfs_attri_recover_work
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/40082d08b638485cbaa543dc8087a3d1844d6f08 https://git.kernel.org/stable/c/70685c291ef82269180758130394ecdc4496b52c https://git.kernel.org/stable/c/a1a5df1038f0b3c560d204270373621a4e622808 https://git.kernel.org/stable/c/b5c5a50c2f513d4a13a6763564a07b470e69cc5a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-05T15:23:24.034Z

Updated: 2026-05-11T22:16:59.776Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43063

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-05T16:16:15.467

Modified: 2026-05-08T13:16:37.457

Link: CVE-2026-43063

Redhat

Severity : Moderate

Publid Date: 2026-05-05T00:00:00Z

Links: CVE-2026-43063 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-08T16:45:13Z

Weaknesses

CWE-825

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object