cve 2026 31449

CVE-2026-31449 is a Linux kernel vulnerability in the ext4 filesystem's extent-tree correction logic. The flaw allows an unchecked pointer to drift past the end of an index buffer, causing a slab-out-of-bounds read when metadata is corrupted or intentionally crafted. The fix validates the p_idx cursor against EXT_LAST_INDEX() before dereferencing and returns -EFSCORRUPTED if the tree state is invalid. This vulnerability highlights how narrow trust failures in core filesystem machinery can lead to serious issues. Discussions on WindowsForum cover the technical details of the bug, the kernel patch, and its implications for system stability and security.