Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-43288— ext4: move ext4_percpu_param_init() before ext4_mb_init()

EPSS 0.02% · P5
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43288

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ext4: move ext4_percpu_param_init() before ext4_mb_init()
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4_percpu_param_init() before ext4_mb_init() When running `kvm-xfstests -c ext4/1k -C 1 generic/383` with the `DOUBLE_CHECK` macro defined, the following panic is triggered: ================================================================== EXT4-fs error (device vdc): ext4_validate_block_bitmap:423: comm mount: bg 0: bad block bitmap checksum BUG: unable to handle page fault for address: ff110000fa2cc000 PGD 3e01067 P4D 3e02067 PUD 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 0 UID: 0 PID: 2386 Comm: mount Tainted: G W 6.18.0-gba65a4e7120a-dirty #1152 PREEMPT(none) RIP: 0010:percpu_counter_add_batch+0x13/0xa0 Call Trace: <TASK> ext4_mark_group_bitmap_corrupted+0xcb/0xe0 ext4_validate_block_bitmap+0x2a1/0x2f0 ext4_read_block_bitmap+0x33/0x50 mb_group_bb_bitmap_alloc+0x33/0x80 ext4_mb_add_groupinfo+0x190/0x250 ext4_mb_init_backend+0x87/0x290 ext4_mb_init+0x456/0x640 __ext4_fill_super+0x1072/0x1680 ext4_fill_super+0xd3/0x280 get_tree_bdev_flags+0x132/0x1d0 vfs_get_tree+0x29/0xd0 vfs_cmd_create+0x59/0xe0 __do_sys_fsconfig+0x4f6/0x6b0 do_syscall_64+0x50/0x1f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== This issue can be reproduced using the following commands: mkfs.ext4 -F -q -b 1024 /dev/sda 5G tune2fs -O quota,project /dev/sda mount /dev/sda /tmp/test With DOUBLE_CHECK defined, mb_group_bb_bitmap_alloc() reads and validates the block bitmap. When the validation fails, ext4_mark_group_bitmap_corrupted() attempts to update sbi->s_freeclusters_counter. However, this percpu_counter has not been initialized yet at this point, which leads to the panic described above. Fix this by moving the execution of ext4_percpu_param_init() to occur before ext4_mb_init(), ensuring the per-CPU counters are initialized before they are used.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ext4_percpu_param_init初始化顺序问题,可能导致系统崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux d5e03cbb0c88cd1be39f2adc37d602230045964b ~ 0d5fcb063cdabb9aeaa8554b7fedad2092c4150e -
LinuxLinux 3.17 -

II. Public POCs for CVE-2026-43288

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-43288

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-05-08 · 199 CVEs total

CVE-2026-433049.8 CRITICALlibceph: define and enforce CEPH_MAX_KEY_LEN
CVE-2026-433419.8 CRITICALnet/ipv6: ioam6: prevent schema length wraparound in trace fill
CVE-2026-433769.8 CRITICALksmbd: fix use-after-free by using call_rcu() for oplock_info
CVE-2026-433799.8 CRITICALksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
CVE-2026-433849.8 CRITICALnet/tcp-ao: Fix MAC comparison to be constant-time
CVE-2026-434659.8 CRITICALnet/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
CVE-2026-434029.8 CRITICALkthread: consolidate kthread exit paths to prevent use-after-free
CVE-2026-434149.8 CRITICALscsi: qla2xxx: Completely fix fcport double free
CVE-2026-433839.4 CRITICALnet/tcp-md5: Fix MAC comparison to be constant-time
CVE-2026-434069.1 CRITICALlibceph: prevent potential out-of-bounds reads in process_message_header()
CVE-2026-434079.1 CRITICALlibceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
CVE-2026-432848.8 HIGHxfrm: esp: avoid in-place decrypt on shared skb frags
CVE-2026-433228.8 HIGHBluetooth: hci_sync: Fix UAF in le_read_features_complete
CVE-2026-433348.8 HIGHBluetooth: SMP: force responder MITM requirements before building the pairing response
CVE-2026-433918.8 HIGHnsfs: tighten permission checks for handle opening
CVE-2026-434038.8 HIGHnsfs: tighten permission checks for ns iteration ioctls
CVE-2026-432918.3 HIGHnet: nfc: nci: Fix parameter validation for packet data
CVE-2026-434528.2 HIGHnetfilter: x_tables: guard option walkers against 1-byte tail reads
CVE-2026-434668.2 HIGHnet/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery
CVE-2026-433658.2 HIGHxfs: fix undersized l_iclog_roundoff values

Showing top 20 of 199 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

Same product: Linux
Same vendor: Linux

V. Comments for CVE-2026-43288

No comments yet

Leave a comment