{"id":"CVE-2026-55392","summary":"NILFS utilities - Undefined Behavior and Out-of-Memory via Unvalidated s_log_block_size","details":"NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfs_sb_is_valid() function fails to validate s_log_block_size field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashing tools like nilfs-tune and dumpseg.","modified":"2026-07-08T08:10:43.086024861Z","published":"2026-06-18T18:00:12.736Z","related":["openSUSE-SU-2026:11094-1","openSUSE-SU-2026:21183-1"],"database_specific":{"cna_assigner":"VulnCheck","cwe_ids":["CWE-1284"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55392.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55392.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-55392"},{"type":"REPORT","url":"https://github.com/nilfs-dev/nilfs-utils/issues/26"},{"type":"FIX","url":"https://github.com/nilfs-dev/nilfs-utils/commit/26efb5daff0757365101035145331b0a5a85d9d9"},{"type":"PACKAGE","url":"https://github.com/nilfs-dev/nilfs-utils"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nilfs-dev/nilfs-utils","events":[{"introduced":"0"},{"fixed":"4115aebf9fe29b78caecb7ee8a379390537a0a76"},{"fixed":"26efb5daff0757365101035145331b0a5a85d9d9"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.3.0"}],"source":["DESCRIPTION","REFERENCES"]}}],"versions":["v2.3.0","v2.2.5","v2.2.4","v2.2.3","v2.2.2","v2.2.1","v2.2.0","v2.1.6","v2.1.5","v2.1.4","v2.1.3","v2.1.2","v2.1.1","v2.1.0","v2.1.0-rc2","v2.1.0-rc1","v2.0.23","v2.0.22","v2.0.21","v2.0.20","v2.0.19","v2.0.18","v2.0.17","v2.0.16","v2.0.15","v2.0.14","v2.0.13","v2.0.12","v2.0.11","v2.0.10","v2.0.9","v2.0.8","v2.0.7","v2.0.6","v2.0.5","v2.0.4","v2.0.3","v2.0.2","v2.0.1","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55392.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}