Description
In the Linux kernel, the following vulnerability has been resolved:

xfs: remove xfs_attr_leaf_hasname

The calling convention of xfs_attr_leaf_hasname() is problematic, because
it returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer
when xfs_attr3_leaf_lookup_int returns -ENOATTR or -EEXIST, and a
non-NULL buffer pointer for an already released buffer when
xfs_attr3_leaf_lookup_int fails with other error values.

Fix this by simply open coding xfs_attr_leaf_hasname in the callers, so
that the buffer release code is done by each caller of
xfs_attr3_leaf_read.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the XFS kernel filesystem’s helper function xfs_attr_leaf_hasname returning inconsistent buffer states. When xfs_attr3_leaf_read fails, the helper may return a NULL buffer; if xfs_attr3_leaf_lookup_int returns -ENOATTR or -EEXIST, it returns a valid buffer; otherwise it may return a dangling pointer. Callers that subsequently free or dereference the buffer can trigger use‑after‑free or double‑free conditions, which in kernel space may corrupt memory, cause a kernel panic, or potentially allow elevation of privileges. The weakness is classified as CWE‑825: Improper Release of Resource.

Affected Systems

All Linux kernels that provide the XFS filesystem and have not applied the commit that removes the xfs_attr_leaf_hasname helper are potentially vulnerable. The CVE references several commit hashes (e.g., 2fbc8421d1db102c0e5458607e042a23a03648b1, 3a65ea768b8094e4699e72f9ab420eb9e0f3f568, 457121c01f609b9934addbb04d5c1ef638c71c61, 530082df991903f3330354e99e0cb7b05debfa86). Administrators should treat any kernel prior to these changes as affected until a version that incorporates the inline replacement or removal of the helper is installed. No specific version ranges are published, so the safest mitigation is to upgrade to the latest stable kernel supported by the distribution.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity for kernel memory corruption. The EPSS score of <1% suggests that the probability of exploitation in the wild is low at present. The vulnerability is not recorded in the CISA KEV catalog, so no publicly known exploits are known. However, because the issue involves kernel memory management, a successful local exploit could result in a kernel panic or privilege escalation. Based on the description, it is inferred that the attack would likely require local or elevated access to provoke the error path, indicating a local privilege escalation vector.

Generated by OpenCVE AI on May 13, 2026 at 21:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that contains the commit removing xfs_attr_leaf_hasname (for example the latest stable kernel from your distribution).
  • If an immediate update is not possible, unmount any XFS filesystems or disable the XFS module to prevent the vulnerable code path from executing.
  • As a temporary workaround, apply the inline patch that replaces the helper logic in your current kernel source and rebuild the kernel; ensure the patch incorporates proper buffer release on all paths.

Generated by OpenCVE AI on May 13, 2026 at 21:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-590

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-825
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
CWE-590

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer when xfs_attr3_leaf_lookup_int returns -ENOATTR or -EEXIST, and a non-NULL buffer pointer for an already released buffer when xfs_attr3_leaf_lookup_int fails with other error values. Fix this by simply open coding xfs_attr_leaf_hasname in the callers, so that the buffer release code is done by each caller of xfs_attr3_leaf_read.
Title xfs: remove xfs_attr_leaf_hasname
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:18:47.296Z

Reserved: 2026-05-01T14:12:55.989Z

Link: CVE-2026-43153

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:33.073

Modified: 2026-05-13T20:11:32.270

Link: CVE-2026-43153

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43153 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T22:00:06Z

Weaknesses