Description
NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.
Published: 2026-06-18
Score: 6.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw occurs in the nilfs_sb_is_valid() routine of NILFS utilities when it fails to verify the s_log_block_size field of a NILFS2 superblock before shifting its value. This oversight triggers undefined behavior, letting an attacker supply a crafted NILFS2 image that causes oversized bit-shifts or out-of-memory conditions. The resulting crashes affect tools such as nilfs-tune and dumpseg, rendering them unresponsive and preventing further filesystem operations. The vulnerability preserves confidentiality and integrity but compromises availability, effectively enabling a denial‑of‑service attack against affected systems that run the vulnerable utilities.

Affected Systems

The issue impacts nilfs-dev nilfs-utils versions up to and including 2.3.0. Any system that installs the vulnerable release and processes user‑supplied NILFS2 images is susceptible. Upgrade to the fixed state – released in commit 26efb5d – eliminates the problem.

Risk and Exploitability

With a CVSS score of 6.7 the vulnerability is of moderate severity. No EPSS score is reported and the flaw is not listed in the CISA KEV catalog, indicating a comparatively lower profile. Attackers would need to provide a malicious NILFS2 image that the utilities ingest; the vector is therefore inferred to be local or via an untrusted image supply path. Successful exploitation leads to tool crashes, denying service to administrators or applications that rely on these utilities.

Generated by OpenCVE AI on June 18, 2026 at 22:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade nilfs-utils to a version newer than the commit that introduced the fix (26efb5d).
  • Restrict the execution of nilfs-tune and dumpseg to administrators or trusted users only, preventing unauthorized users from feeding crafted NILFS2 images to the utilities.
  • Perform pre‑validation of NILFS2 images (e.g., using a dedicated validator) to ensure the s_log_block_size is within acceptable limits before running the utilities.

Generated by OpenCVE AI on June 18, 2026 at 22:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Nilfs-dev
Nilfs-dev nilfs-utils
Vendors & Products Nilfs-dev
Nilfs-dev nilfs-utils

Thu, 18 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Description NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.
Title NILFS utilities - Undefined Behavior and Out-of-Memory via Unvalidated s_log_block_size
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.7, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Nilfs-dev Nilfs-utils
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-18T18:58:04.938Z

Reserved: 2026-06-16T19:44:10.203Z

Link: CVE-2026-55392

cve-icon Vulnrichment

Updated: 2026-06-18T18:53:56.044Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-18T18:00:12Z

Links: CVE-2026-55392 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T22:55:50Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input