CVE-2026-55392

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.5 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H                                    

Vulnerability Description

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.

Vulnerability Details

Published Date

June 18, 2026

Last Modified

June 18, 2026

CWE ID

CWE-1284

Source

NVD

Vendor

nilfs-dev

Product

nilfs-utils

External References

https://github.com/nilfs-dev/nilfs-utils/commit/26efb5daff0757365101035145331b0a5a85d9d9
https://github.com/nilfs-dev/nilfs-utils/issues/26

CVE-2026-55392

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment