What is GHSA-9pgh-55q5-rvp6?

GHSA-9pgh-55q5-rvp6 is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL...

Which CVE IDs does GHSA-9pgh-55q5-rvp6 cover?

GHSA-9pgh-55q5-rvp6 covers the following CVE IDs: CVE-2026-31577. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-9pgh-55q5-rvp6?

GHSA-9pgh-55q5-rvp6 has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-9pgh-55q5-rvp6MediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL...

Vendor

GitHub Security Advisories

Published

April 24, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-31577 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map

The DAT inode's btree node cache (i_assoc_inode) is initialized lazily during btree operations. However, nilfs_mdt_save_to_shadow_map() assumes i_assoc_inode is already initialized when copying dirty pages to the shadow map during GC.

If NILFS_IOCTL_CLEAN_SEGMENTS is called immediately after mount before any btree operation has occurred on the DAT inode, i_assoc_inode is NULL leading to a general protection fault.

Fix this by calling nilfs_attach_btree_node_cache() on the DAT inode in nilfs_dat_read() at mount time, ensuring i_assoc_inode is always initialized before any GC operation can use it.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (11)