
CVE-2026-43288

Published: May 8, 2026 · Updated: May 12, 2026

EPSS: 0.02% probability of exploitation in 30 days (percentile: 5.0th)

Official Description

In the Linux kernel, the following vulnerability has been resolved:

ext4: move ext4_percpu_param_init() before ext4_mb_init()

When running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the `DOUBLE_CHECK` macro defined, the following panic is triggered:

==================================================================
EXT4-fs error (device vdc): ext4_validate_block_bitmap:423:
comm mount: bg 0: bad block bitmap checksum
BUG: unable to handle page fault for address: ff110000fa2cc000
PGD 3e01067 P4D 3e02067 PUD 0
Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 0 UID: 0 PID: 2386 Comm: mount Tainted: G W
6.18.0-gba65a4e7120a-dirty #1152 PREEMPT(none)
RIP: 0010:percpu_counter_add_batch+0x13/0xa0
Call Trace:
<TASK>
ext4_mark_group_bitmap_corrupted+0xcb/0xe0
ext4_validate_block_bitmap+0x2a1/0x2f0
ext4_read_block_bitmap+0x33/0x50
mb_group_bb_bitmap_alloc+0x33/0x80
ext4_mb_add_groupinfo+0x190/0x250
ext4_mb_init_backend+0x87/0x290
ext4_mb_init+0x456/0x640
__ext4_fill_super+0x1072/0x1680
ext4_fill_super+0xd3/0x280
get_tree_bdev_flags+0x132/0x1d0
vfs_get_tree+0x29/0xd0
vfs_cmd_create+0x59/0xe0
__do_sys_fsconfig+0x4f6/0x6b0
do_syscall_64+0x50/0x1f0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================

This issue can be reproduced using the following commands:

    mkfs.ext4 -F -q -b 1024 /dev/sda 5G
    tune2fs -O quota,project /dev/sda
    mount /dev/sda /tmp/test

With DOUBLE_CHECK defined, mb_group_bb_bitmap_alloc() reads and validates the block bitmap. When the validation fails, ext4_mark_group_bitmap_corrupted() attempts to update sbi->s_freeclusters_counter. However, this percpu_counter has not been initialized yet at this point, which leads to the panic described above.

Fix this by moving the execution of ext4_percpu_param_init() to occur before ext4_mb_init(), ensuring the per-CPU counters are initialized before they are used.

NVD Source
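
The ordering problem in the description above, as a small user-space model. This is an added example, not kernel code and not part of the NVD text; every type and function name in it is a hypothetical stand-in, and where the kernel would fault the model sets a flag instead.

```c
#include <stdio.h>
#include <stdlib.h>
#define NR_CPUS 4

/* Simplified stand-in for a per-CPU counter: unusable until counter_init(). */
struct pcpu_counter { long count; long *counters; };
struct sb_info { struct pcpu_counter freeclusters; int use_before_init; };

static int counter_init(struct pcpu_counter *c, long v) {
    c->count = v;
    return (c->counters = calloc(NR_CPUS, sizeof(long))) ? 0 : -1;
}

static long counter_sum(const struct pcpu_counter *c) {
    long sum = c->count;
    for (int i = 0; c->counters && i < NR_CPUS; i++) sum += c->counters[i];
    return sum;
}

/* A group's bitmap failed validation: subtract its free clusters. */
static void mark_bitmap_corrupted(struct sb_info *sbi, long group_free) {
    if (sbi->freeclusters.counters)
        sbi->freeclusters.counters[0] -= group_free;  /* slot of "CPU 0" */
    else
        sbi->use_before_init = 1;  /* the kernel faults here instead */
}

/* Allocator setup; bitmaps are validated here only in the DOUBLE_CHECK build. */
static void mb_init(struct sb_info *sbi, int double_check, int bitmap_ok) {
    if (double_check && !bitmap_ok) mark_bitmap_corrupted(sbi, 100);
}

/* fixed_order 0: counters initialized after mb_init(); 1: before it (the fix).
 * Returns the free-cluster total, -1 if the counter was used too early, -2 on OOM. */
static long fill_super(int fixed_order, int double_check, int bitmap_ok) {
    struct sb_info sbi = { { 0, NULL }, 0 };
    if (fixed_order && counter_init(&sbi.freeclusters, 1000)) return -2;
    mb_init(&sbi, double_check, bitmap_ok);
    if (!fixed_order && counter_init(&sbi.freeclusters, 1000)) return -2;
    long total = sbi.use_before_init ? -1 : counter_sum(&sbi.freeclusters);
    free(sbi.freeclusters.counters);
    return total;
}

int main(void) {
    printf("old order, DOUBLE_CHECK, bad bitmap: %ld\n", fill_super(0, 1, 0));
    printf("new order, DOUBLE_CHECK, bad bitmap: %ld\n", fill_super(1, 1, 0));
    return 0;
}
```

In the model the old order only misbehaves when both the debug check is enabled and a bitmap fails validation, which matches the conditions the description gives for the panic.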

Technical Analysis

CVE-2026-43288 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

No known exploit: no public exploit confirmed at this time.

Quick Facts

CVE ID: CVE-2026-43288
Severity: NONE
CISA KEV: No
EPSS (30d): 0.02%
Published: May 8, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43288 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.