CVE-2026-45943

Published: May 27, 2026 · Updated: May 27, 2026

Official Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix inline data read failure for ztailpacking pclusters

Compressed folios for ztailpacking pclusters must be valid before adding these pclusters to I/O chains. Otherwise, z_erofs_decompress_pcluster() may assume they are already valid and then trigger a NULL pointer dereference.

It is somewhat hard to reproduce because the inline data is in the same block as the tail of the compressed indexes, which are usually read just before. However, it may still happen if a fatal signal arrives while read_mapping_folio() is running, as shown below:

erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
pc : z_erofs_decompress_queue+0x4c8/0xa14
lr : z_erofs_decompress_queue+0x160/0xa14
sp : ffffffc08b3eb3a0
x29: ffffffc08b3eb570 x28: ffffffc08b3eb418 x27: 0000000000001000
x26: ffffff8086ebdbb8 x25: ffffff8086ebdbb8 x24: 0000000000000001
x23: 0000000000000008 x22: 00000000fffffffb x21: dead000000000700
x20: 00000000000015e7 x19: ffffff808babb400 x18: ffffffc089edc098
x17: 00000000c006287d x16: 00000000c006287d x15: 0000000000000004
x14: ffffff80ba8f8000 x13: 0000000000000004 x12: 00000006589a77c9
x11: 0000000000000015 x10: 0000000000000000 x9 : 0000000000000000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : ffffffffffffffe0 x3 : 0000000000000020
x2 : 0000000000000008 x1 : 0000000000000000 x0 : 0000000000000000
Call trace:
z_erofs_decompress_queue+0x4c8/0xa14
z_erofs_runqueue+0x908/0x97c
z_erofs_read_folio+0x128/0x228
filemap_read_folio+0x68/0x128
filemap_get_pages+0x44c/0x8b4
filemap_read+0x12c/0x5b8
generic_file_read_iter+0x4c/0x15c
do_iter_readv_writev+0x188/0x1e0
vfs_iter_read+0xac/0x1a4
backing_file_read_iter+0x170/0x34c
ovl_read_iter+0xf0/0x140
vfs_read+0x28c/0x344
ksys_read+0x80/0xf0
__arm64_sys_read+0x24/0x34
invoke_syscall+0x60/0x114
el0_svc_common+0x88/0xe4
do_el0_svc+0x24/0x30
el0_svc+0x40/0xa8
el0t_64_sync_handler+0x70/0xbc
el0t_64_sync+0x1bc/0x1c0

Fix this by reading the inline data before allocating and adding the pclusters to the I/O chains.

NVD Source

Technical Analysis

CVE-2026-45943 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
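
For fleet triage, the kernel log in the description gives a usable crash signature: the erofs inline-data read failure followed by a NULL pointer dereference inside z_erofs_decompress_queue. The Python below is an added example, not code from NVD, the kernel patch or this site; the 40-line search window, the function name and the sample log (partly reused from the description, partly constructed) are assumptions.

```python
import re

# Patterns taken from the kernel log quoted in the description above.
INLINE_FAIL = re.compile(
    r"erofs: \(device (?P<dev>[^)]+)\): z_erofs_pcluster_begin: "
    r"failed to get inline data (?P<err>-\d+)")
NULL_DEREF = re.compile(r"NULL pointer dereference", re.IGNORECASE)
FAULT_FUNC = re.compile(r"z_erofs_decompress_queue\+0x[0-9a-f]+")

WINDOW = 40  # assumption: how many lines after the erofs error to inspect


def find_crash_signature(lines, window=WINDOW):
    """Return one finding per erofs inline-data failure, flagged by whether
    a NULL dereference in z_erofs_decompress_queue follows it."""
    findings = []
    for i, line in enumerate(lines):
        m = INLINE_FAIL.search(line)
        if not m:
            continue
        tail = lines[i + 1:i + 1 + window]
        deref_at = next(
            (j for j, l in enumerate(tail) if NULL_DEREF.search(l)), None)
        # Require the faulting function to appear after the oops header.
        crashed = deref_at is not None and any(
            FAULT_FUNC.search(l) for l in tail[deref_at + 1:])
        findings.append({
            "line": i + 1,
            "device": m.group("dev"),
            "errno": int(m.group("err")),  # -4 is -EINTR (interrupted read)
            "crashed": crashed,
        })
    return findings


# Constructed sample: the first block reuses lines from the description;
# the loop0 failure and the audit line are made up, with no oops after them.
SAMPLE = """\
erofs: (device dm-1): z_erofs_pcluster_begin: failed to get inline data -4
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
pc : z_erofs_decompress_queue+0x4c8/0xa14
Call trace:
 z_erofs_decompress_queue+0x4c8/0xa14
 z_erofs_runqueue+0x908/0x97c
erofs: (device loop0): z_erofs_pcluster_begin: failed to get inline data -4
audit: unrelated line
""".splitlines()

if __name__ == "__main__":
    for finding in find_crash_signature(SAMPLE):
        print(finding)
```

Feed it the lines of a saved kernel log; a finding with `crashed` set to True matches the oops shown in the description, while False means only the read failure was logged within the window.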

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOIT: No public exploit confirmed at this time

Quick Facts

CVE ID: CVE-2026-45943
Severity: NONE
CISA KEV: No
Published: May 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-45943 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.