CVE-2026-43209 - Vulnerability Details

- minix: Add required sanity checking to minix_check_superblock()

Description

In the Linux kernel, the following vulnerability has been resolved:

minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently
support any other value for s_log_zone_size than 0. This is also the
only value supported in util-linux; see mkfs.minix.c line 511. In
addition, this patch adds some sanity checking for the other minix
superblock fields, and moves the minix_blocks_needed() checks for the
zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

Minix filesystem support in the Linux kernel lacks input validation for critical superblock fields, notably s_log_zone_size. The kernel expects this field to be zero but accepts other values, and additional data fields lack sanity checking. A crafted superblock with invalid values can cause the kernel to calculate incorrect sizes and indices, leading to memory corruption or a crash. This would result in a denial‑of‑service by unconditionally crashing the host during a mount operation.

Affected Systems

All Linux kernel distributions that still use the unmodified fs/minix implementation are affected. The vulnerability is present in kernel versions prior to the application of the commit that adds sanity checks and potentially in util‑linux utility versions that generate Minix superblocks without enforcing the zero s_log_zone_size rule. The exact affected releases are not enumerated, but any pre‑patch kernel with the vulnerable code path is at risk.

Risk and Exploitability

Official security metrics are not published; no CVSS or EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. The absence of input validation suggests that crafting a malicious superblock would be relatively straightforward, but the lack of a documented exploit and KEV status indicates no confirmed exploitation in the wild. Nonetheless, the potential to crash the kernel during a mount operation makes the vulnerability high‑impact from an availability standpoint.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< a051ecf5c5b0387840dc210413ed3bc7fbdaa69c
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d791c544efd6b9c944b43cf7f502e5bcb02fb941
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 66c7c239c65341f99ae388d4d53dc9df2bcb9925
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 2bb588cede1c1969e49c0a2822c8cb8b346b7682
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< f57ccd4657c7f082dc47e5b9e18a883bb5f9118f
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 31fefc18096cdc5549cfa54964d90e0b3229aedc
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 1efc128ee4adbc23e082715425ff895449d233bc
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 8c97a6ddc95690a938ded44b4e3202f03f15078c

Linux

affected

Version	Status	Constraints
`5.10.252`	unaffected	≤ 5.10.*
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,a051ecf5c5b0387840dc210413ed3bc7fbdaa69c)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,d791c544efd6b9c944b43cf7f502e5bcb02fb941)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,66c7c239c65341f99ae388d4d53dc9df2bcb9925)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,2bb588cede1c1969e49c0a2822c8cb8b346b7682)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,f57ccd4657c7f082dc47e5b9e18a883bb5f9118f)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,31fefc18096cdc5549cfa54964d90e0b3229aedc)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,1efc128ee4adbc23e082715425ff895449d233bc)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,8c97a6ddc95690a938ded44b4e3202f03f15078c)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5.10.252,5.11.0)`	unaffected	semver	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Install a Linux kernel version that includes the minix_check_superblock sanity‑check patch.
Upgrade util‑linux to a version that enforces s_log_zone_size is zero when creating Minix filesystems.
If Minix support is unnecessary, disable the minix filesystem in the kernel configuration or unload the module.
Avoid mounting Minix volumes from unknown or untrusted sources until the official fix is applied.

Generated by OpenCVE AI on May 6, 2026 at 16:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1efc128ee4adbc23e082715425ff895449d233bc
https://git.kernel.org/stable/c/2bb588cede1c1969e49c0a2822c8cb8b346b7682
https://git.kernel.org/stable/c/31fefc18096cdc5549cfa54964d90e0b3229aedc
https://git.kernel.org/stable/c/66c7c239c65341f99ae388d4d53dc9df2bcb9925
https://git.kernel.org/stable/c/8c97a6ddc95690a938ded44b4e3202f03f15078c
https://git.kernel.org/stable/c/a051ecf5c5b0387840dc210413ed3bc7fbdaa69c
https://git.kernel.org/stable/c/d791c544efd6b9c944b43cf7f502e5bcb02fb941
https://git.kernel.org/stable/c/f57ccd4657c7f082dc47e5b9e18a883bb5f9118f

History

Wed, 06 May 2026 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: minix: Add required sanity checking to minix_check_superblock() The fs/minix implementation of the minix filesystem does not currently support any other value for s_log_zone_size than 0. This is also the only value supported in util-linux; see mkfs.minix.c line 511. In addition, this patch adds some sanity checking for the other minix superblock fields, and moves the minix_blocks_needed() checks for the zmap and imap also to minix_check_super_block(). This also closes a related syzbot bug report.
Title		minix: Add required sanity checking to minix_check_superblock()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1efc128ee4adbc23e082715425ff895449d233bc https://git.kernel.org/stable/c/2bb588cede1c1969e49c0a2822c8cb8b346b7682 https://git.kernel.org/stable/c/31fefc18096cdc5549cfa54964d90e0b3229aedc https://git.kernel.org/stable/c/66c7c239c65341f99ae388d4d53dc9df2bcb9925 https://git.kernel.org/stable/c/8c97a6ddc95690a938ded44b4e3202f03f15078c https://git.kernel.org/stable/c/a051ecf5c5b0387840dc210413ed3bc7fbdaa69c https://git.kernel.org/stable/c/d791c544efd6b9c944b43cf7f502e5bcb02fb941 https://git.kernel.org/stable/c/f57ccd4657c7f082dc47e5b9e18a883bb5f9118f

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:12.965Z

Updated: 2026-05-06T11:28:12.965Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43209

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-06T12:16:40.283

Modified: 2026-05-06T13:07:51.607

Link: CVE-2026-43209

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T17:15:08Z

Weaknesses

CWE-20

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object