Vulnerabilities

Report: Latest: CVE-2026-43053 - xfs: close crash window in attr dabtree inactivation

2026-05-01 0 views admin
Report: Latest: CVE-2026-43053 - xfs: close crash window in attr dabtree inactivation

CVE ID :CVE-2026-43053 Published : May 1, 2026, 3:16 p.m. | 14 minutes ago Description :In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfs_attr3_node_inactive() invalidates all child leaf/node blocks via xfs_trans_binval(), but intentionally does not remove the corresponding entries from their parent node blocks. The implicit assumption is that xfs_attr_inactive() will truncate the entire attr fork to zero extents afterwards, so log recovery will never reach the root node and follow those stale pointers. However, if a log shutdown occurs after the leaf/node block cancellations commit but before the attr bmap truncation commits, this assumption breaks. Recovery replays the attr bmap intact (the inode still has attr fork extents), but suppresses replay of all cancelled leaf/node blocks, maybe leaving them as stale data on disk. On the next mount, xlog_recover_process_iunlinks() retries inactivation and attempts to read the root node via the attr bmap. If the root node was not replayed, reading the unreplayed root block triggers a metadata verification failure immediately; if it was replayed, following its child pointers to unreplayed child blocks triggers the same failure: XFS (pmem0): Metadata corruption detected at xfs_da3_node_read_verify+0x53/0x220, xfs_da3_node block 0x78 XFS (pmem0): Unmount and run xfs_repair XFS (pmem0): First 128 bytes of corrupted metadata buffer: 00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ XFS (pmem0): metadata I/O error in

CVE Details

Published
May 1, 2026
Affected Product: Linux

🏷️ Tags

reportlatest43053closecrashwindowdabtreeinactivationcvecve-2026-43053

More from Vulnerabilities

Report: - mpls: add seqcount to protect the platform_label{,s} pair CVE-2026-43042

Report: - mpls: add seqcount to protect the platform_label{,s} pair CVE-2026-43042

2026-05-01 0
Report: CVE-2026-43040 - net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to ze

Report: CVE-2026-43040 - net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to ze

2026-05-01 0
Report: Complete Guide to CVE-2026-43041 - net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak

Report: Complete Guide to CVE-2026-43041 - net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak

2026-05-01 0
Report: Complete Guide to CVE-2026-43039 - net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch

Report: Complete Guide to CVE-2026-43039 - net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch

2026-05-01 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views