CVE-2026-43068 (GCVE-0-2026-43068)
Vulnerability from cvelistv5 – Published: 2026-05-05 15:23 – Updated: 2026-05-05 15:23
VLAI?
Title
ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()
There's issue as follows:
...
EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117
EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost
EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117
EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost
EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117
EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost
EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117
EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost
EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117
EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost
EXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117
EXT4-fs (mmcblk0p1): This should not happen!! Data will be lost
EXT4-fs (mmcblk0p1): error count since last fsck: 1
EXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760
EXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760
...
According to the log analysis, blocks are always requested from the
corrupted block group. This may happen as follows:
ext4_mb_find_by_goal
ext4_mb_load_buddy
ext4_mb_load_buddy_gfp
ext4_mb_init_cache
ext4_read_block_bitmap_nowait
ext4_wait_block_bitmap
ext4_validate_block_bitmap
if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))
return -EFSCORRUPTED; // There's no logs.
if (err)
return err; // Will return error
ext4_lock_group(ac->ac_sb, group);
if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info))) // Unreachable
goto out;
After commit 9008a58e5dce ("ext4: make the bitmap read routines return
real error codes") merged, Commit 163a203ddb36 ("ext4: mark block group
as corrupt on block bitmap error") is no real solution for allocating
blocks from corrupted block groups. This is because if
'EXT4_MB_GRP_BBITMAP_CORRUPT(e4b->bd_info)' is true, then
'ext4_mb_load_buddy()' may return an error. This means that the block
allocation will fail.
Therefore, check block group if corrupted when ext4_mb_load_buddy()
returns error.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < fea6b2e250ff48f10d166011b57a8516ae5438c9
(git)
Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 0b84571c886719823d537f05f4f07cad6357c4b7 (git) Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < ffc0a282462d45fee5957621be5afa29752f3b6d (git) Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 2d31a5073f86a177edf44015e0dedb0c47cfd6d8 (git) Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 9370207b36d26e45a8c8ef0500706d37036edd6b (git) Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 1895f7904be71c48f1e6f338b28f24dabd6b8aeb (git) Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 1c0d7c4cde38a887c6d74e0c89ddb25226943c78 (git) Affected: 163a203ddb36c36d4a1c942aececda0cc8d06aa7 , < 46066e3a06647c5b186cc6334409722622d05c44 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fea6b2e250ff48f10d166011b57a8516ae5438c9",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "0b84571c886719823d537f05f4f07cad6357c4b7",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "ffc0a282462d45fee5957621be5afa29752f3b6d",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "2d31a5073f86a177edf44015e0dedb0c47cfd6d8",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "9370207b36d26e45a8c8ef0500706d37036edd6b",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "1895f7904be71c48f1e6f338b28f24dabd6b8aeb",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "1c0d7c4cde38a887c6d74e0c89ddb25226943c78",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
},
{
"lessThan": "46066e3a06647c5b186cc6334409722622d05c44",
"status": "affected",
"version": "163a203ddb36c36d4a1c942aececda0cc8d06aa7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ext4/mballoc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.131",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.80",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.21",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.168",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.131",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.80",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.21",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.11",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\n\nThere\u0027s issue as follows:\n...\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\n\nEXT4-fs (mmcblk0p1): error count since last fsck: 1\nEXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760\nEXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760\n...\n\nAccording to the log analysis, blocks are always requested from the\ncorrupted block group. This may happen as follows:\next4_mb_find_by_goal\n ext4_mb_load_buddy\n ext4_mb_load_buddy_gfp\n ext4_mb_init_cache\n ext4_read_block_bitmap_nowait\n ext4_wait_block_bitmap\n ext4_validate_block_bitmap\n if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))\n return -EFSCORRUPTED; // There\u0027s no logs.\n if (err)\n return err; // Will return error\next4_lock_group(ac-\u003eac_sb, group);\n if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b-\u003ebd_info))) // Unreachable\n goto out;\n\nAfter commit 9008a58e5dce (\"ext4: make the bitmap read routines return\nreal error codes\") merged, Commit 163a203ddb36 (\"ext4: mark block group\nas corrupt on block bitmap error\") is no real solution for allocating\nblocks from corrupted block groups. This is because if\n\u0027EXT4_MB_GRP_BBITMAP_CORRUPT(e4b-\u003ebd_info)\u0027 is true, then\n\u0027ext4_mb_load_buddy()\u0027 may return an error. This means that the block\nallocation will fail.\nTherefore, check block group if corrupted when ext4_mb_load_buddy()\nreturns error."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T15:23:27.371Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fea6b2e250ff48f10d166011b57a8516ae5438c9"
},
{
"url": "https://git.kernel.org/stable/c/0b84571c886719823d537f05f4f07cad6357c4b7"
},
{
"url": "https://git.kernel.org/stable/c/ffc0a282462d45fee5957621be5afa29752f3b6d"
},
{
"url": "https://git.kernel.org/stable/c/2d31a5073f86a177edf44015e0dedb0c47cfd6d8"
},
{
"url": "https://git.kernel.org/stable/c/9370207b36d26e45a8c8ef0500706d37036edd6b"
},
{
"url": "https://git.kernel.org/stable/c/1895f7904be71c48f1e6f338b28f24dabd6b8aeb"
},
{
"url": "https://git.kernel.org/stable/c/1c0d7c4cde38a887c6d74e0c89ddb25226943c78"
},
{
"url": "https://git.kernel.org/stable/c/46066e3a06647c5b186cc6334409722622d05c44"
}
],
"title": "ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43068",
"datePublished": "2026-05-05T15:23:27.371Z",
"dateReserved": "2026-05-01T14:12:55.982Z",
"dateUpdated": "2026-05-05T15:23:27.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43068",
"date": "2026-05-09",
"epss": "0.00024",
"percentile": "0.07036"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43068\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-05T16:16:16.053\",\"lastModified\":\"2026-05-06T13:08:07.970\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\next4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()\\n\\nThere\u0027s issue as follows:\\n...\\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\\n\\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\\n\\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\\n\\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 206 at logical offset 0 with max blocks 1 with error 117\\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\\n\\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2243 at logical offset 0 with max blocks 1 with error 117\\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\\n\\nEXT4-fs (mmcblk0p1): Delayed block allocation failed for inode 2239 at logical offset 0 with max blocks 1 with error 117\\nEXT4-fs (mmcblk0p1): This should not happen!! Data will be lost\\n\\nEXT4-fs (mmcblk0p1): error count since last fsck: 1\\nEXT4-fs (mmcblk0p1): initial error at time 1765597433: ext4_mb_generate_buddy:760\\nEXT4-fs (mmcblk0p1): last error at time 1765597433: ext4_mb_generate_buddy:760\\n...\\n\\nAccording to the log analysis, blocks are always requested from the\\ncorrupted block group. This may happen as follows:\\next4_mb_find_by_goal\\n ext4_mb_load_buddy\\n ext4_mb_load_buddy_gfp\\n ext4_mb_init_cache\\n ext4_read_block_bitmap_nowait\\n ext4_wait_block_bitmap\\n ext4_validate_block_bitmap\\n if (!grp || EXT4_MB_GRP_BBITMAP_CORRUPT(grp))\\n return -EFSCORRUPTED; // There\u0027s no logs.\\n if (err)\\n return err; // Will return error\\next4_lock_group(ac-\u003eac_sb, group);\\n if (unlikely(EXT4_MB_GRP_BBITMAP_CORRUPT(e4b-\u003ebd_info))) // Unreachable\\n goto out;\\n\\nAfter commit 9008a58e5dce (\\\"ext4: make the bitmap read routines return\\nreal error codes\\\") merged, Commit 163a203ddb36 (\\\"ext4: mark block group\\nas corrupt on block bitmap error\\\") is no real solution for allocating\\nblocks from corrupted block groups. This is because if\\n\u0027EXT4_MB_GRP_BBITMAP_CORRUPT(e4b-\u003ebd_info)\u0027 is true, then\\n\u0027ext4_mb_load_buddy()\u0027 may return an error. This means that the block\\nallocation will fail.\\nTherefore, check block group if corrupted when ext4_mb_load_buddy()\\nreturns error.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0b84571c886719823d537f05f4f07cad6357c4b7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1895f7904be71c48f1e6f338b28f24dabd6b8aeb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1c0d7c4cde38a887c6d74e0c89ddb25226943c78\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2d31a5073f86a177edf44015e0dedb0c47cfd6d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/46066e3a06647c5b186cc6334409722622d05c44\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9370207b36d26e45a8c8ef0500706d37036edd6b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/fea6b2e250ff48f10d166011b57a8516ae5438c9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ffc0a282462d45fee5957621be5afa29752f3b6d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…