Donate Telegram

CVE-2026-23388

NONE EPSS 0.03%

Mar 25, 2026

Updated Mar 25, 2026

Linux

Parameter	Value
Vendor	Linux
Public PoC	No

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset. This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access. The fix is to check that the offset is within range in squashfs_read_metadata.

This will trap this and other cases.

References 6

https://git.kernel.org/stable/c/01ee0bcc29864b78249308e8b35042b09bbf5fe3

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/0c8ab092aec3ac4294940054772d30b511b16713

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/3b9499e7d677dd4366239a292238489a804936b2

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/6b847d65f5b0065e02080c61fad93d57d6686383

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/9e9fa5ad37c9cbad73c165c7ff1e76e650825e7c

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/fdb24a820a5832ec4532273282cbd4f22c291a0d

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-34776

Linux

CVE-2026-34990

Linux

CVE-2026-34980

Linux

CVE-2026-34979

Linux

CVE-2026-34978

Linux

CVE Details

CVE ID

CVE-2026-23388

Published Date

Mar 25, 2026

Vendor

Linux

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 0.03%

Likelihood of exploitation in next 30 days

Percentile: 9.2th percentile (higher than 9.2% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice