CVE-2026-23388
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check metadata block offset is within range
Syzkaller reports a "general protection fault in squashfs_copy_data"
This is ultimately caused by a corrupted index look-up table, which produces a negative metadata block offset.
This is subsequently passed to squashfs_copy_data (via squashfs_read_metadata) where the negative offset causes an out of bounds access.
The fix is to check that the offset is within range in squashfs_read_metadata. This will trap this and other cases.
EPSS Score: 0.00119 (0.021)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Out-of-bounds Read
ADVISORY - redhat
Improper Validation of Specified Index, Position, or Offset in Input
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in