CVE-2026-55392 – NILFS utilities – Undefined Behavior and Out-of-Memory via Unvalidated s_log_block_size

CVE ID :CVE-2026-55392

Published : June 18, 2026, 6 p.m. | 1 hour, 42 minutes ago

Description :NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…