CVE-2026-43166

A flaw was found in the Linux kernel's erofs filesystem. This vulnerability allows an attacker to trigger an out-of-bounds (OOB) read by providing a specially crafted compressed image. The flaw occurs due to incorrect identification of interlaced plain extents when their start position or on-disk physical length is not aligned to the block size. A successful exploit could lead to information disclosure or a denial of service.