Description
In the Linux kernel, the following vulnerability has been resolved:

minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently
support any other value for s_log_zone_size than 0. This is also the
only value supported in util-linux; see mkfs.minix.c line 511. In
addition, this patch adds some sanity checking for the other minix
superblock fields, and moves the minix_blocks_needed() checks for the
zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The fs/minix implementation in the Linux kernel failed to validate the superblock field s_log_zone_size, which is only defined to be zero, and performed insufficient checks on other superblock parameters. An attacker can supply a Minix volume with an invalid s_log_zone_size or corrupted superblock fields, causing the kernel to compute incorrect addresses or sizes during the mount process. This miscalculation can trigger a kernel crash, resulting in a denial of service for the host system.

Affected Systems

All Linux kernels that contain the unpatched fs/minix code path are affected, including older releases such as 2.6.12 and any other kernel versions prior to the commit that added the sanity checks. The issue persists in any distribution that ships with the legacy minix filesystem support and has not yet applied the patch.

Risk and Exploitability

The assigned CVSS score of 5.5 reflects a medium severity availability flaw, and the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation requires loading or mounting a malicious Minix volume, which is a local operation performed by the operating system. A local attacker with the ability to mount the filesystem can trigger a crash; remote exploitation would need a mechanism to force the target system to mount the malformed filesystem, which is outside the scope of the current description.

Generated by OpenCVE AI on May 11, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a Linux kernel that includes the minix_check_superblock sanity‑check patch to correct the improper input validation flaw (CWE-1287).
  • Upgrade util‑linux to a version that enforces s_log_zone_size to be zero when creating Minix filesystems, reducing the risk of malformed volumes.
  • If Minix support is unnecessary, disable the minix filesystem module in the kernel configuration or unload it at runtime, eliminating the code path that could crash.
  • Until a patched kernel and util‑linux are available, avoid mounting or otherwise accessing unknown or untrusted Minix volumes on the affected system.

Generated by OpenCVE AI on May 11, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Mon, 11 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.12:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1287
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: minix: Add required sanity checking to minix_check_superblock() The fs/minix implementation of the minix filesystem does not currently support any other value for s_log_zone_size than 0. This is also the only value supported in util-linux; see mkfs.minix.c line 511. In addition, this patch adds some sanity checking for the other minix superblock fields, and moves the minix_blocks_needed() checks for the zmap and imap also to minix_check_super_block(). This also closes a related syzbot bug report.
Title minix: Add required sanity checking to minix_check_superblock()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:20:06.809Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43209

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:40.283

Modified: 2026-05-11T20:04:07.517

Link: CVE-2026-43209

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43209 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T23:30:02Z

Weaknesses