CVE-2026-23252 (GCVE-0-2026-23252)
Vulnerability from cvelistv5
Published
2026-03-18 17:01
Modified
2026-04-13 06:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xfs: get rid of the xchk_xfile_*_descr calls
The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate
memory if the formatted string is larger than 16 bytes (or whatever the
nofail guarantees are nowadays). Some of them could easily exceed that,
and Jiaming Zhang found a few places where that can happen with syzbot.
The descriptions are debugging aids and aren't required to be unique, so
let's just pass in static strings and eliminate this path to failure.
Note this patch touches a number of commits, most of which were merged
between 6.6 and 6.14.
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/xfs/scrub/agheader_repair.c",
"fs/xfs/scrub/alloc_repair.c",
"fs/xfs/scrub/attr_repair.c",
"fs/xfs/scrub/bmap_repair.c",
"fs/xfs/scrub/common.h",
"fs/xfs/scrub/dir.c",
"fs/xfs/scrub/dir_repair.c",
"fs/xfs/scrub/dirtree.c",
"fs/xfs/scrub/ialloc_repair.c",
"fs/xfs/scrub/nlinks.c",
"fs/xfs/scrub/parent.c",
"fs/xfs/scrub/parent_repair.c",
"fs/xfs/scrub/quotacheck.c",
"fs/xfs/scrub/refcount_repair.c",
"fs/xfs/scrub/rmap_repair.c",
"fs/xfs/scrub/rtbitmap_repair.c",
"fs/xfs/scrub/rtrefcount_repair.c",
"fs/xfs/scrub/rtrmap_repair.c",
"fs/xfs/scrub/rtsummary.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "695455fbc49053cbf555f2f302a5dcd600f412ff",
"status": "affected",
"version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
"versionType": "git"
},
{
"lessThan": "18e9cf2259b4157fd282b323514375f2f6a59edb",
"status": "affected",
"version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
"versionType": "git"
},
{
"lessThan": "2d8afee89262762fe0e5547772708c75f320c957",
"status": "affected",
"version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
"versionType": "git"
},
{
"lessThan": "60382993a2e18041f88c7969f567f168cd3b4de3",
"status": "affected",
"version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/xfs/scrub/agheader_repair.c",
"fs/xfs/scrub/alloc_repair.c",
"fs/xfs/scrub/attr_repair.c",
"fs/xfs/scrub/bmap_repair.c",
"fs/xfs/scrub/common.h",
"fs/xfs/scrub/dir.c",
"fs/xfs/scrub/dir_repair.c",
"fs/xfs/scrub/dirtree.c",
"fs/xfs/scrub/ialloc_repair.c",
"fs/xfs/scrub/nlinks.c",
"fs/xfs/scrub/parent.c",
"fs/xfs/scrub/parent_repair.c",
"fs/xfs/scrub/quotacheck.c",
"fs/xfs/scrub/refcount_repair.c",
"fs/xfs/scrub/rmap_repair.c",
"fs/xfs/scrub/rtbitmap_repair.c",
"fs/xfs/scrub/rtrefcount_repair.c",
"fs/xfs/scrub/rtrmap_repair.c",
"fs/xfs/scrub/rtsummary.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.10"
},
{
"lessThan": "6.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.16",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.6",
"versionStartIncluding": "6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: get rid of the xchk_xfile_*_descr calls\n\nThe xchk_xfile_*_descr macros call kasprintf, which can fail to allocate\nmemory if the formatted string is larger than 16 bytes (or whatever the\nnofail guarantees are nowadays). Some of them could easily exceed that,\nand Jiaming Zhang found a few places where that can happen with syzbot.\n\nThe descriptions are debugging aids and aren\u0027t required to be unique, so\nlet\u0027s just pass in static strings and eliminate this path to failure.\nNote this patch touches a number of commits, most of which were merged\nbetween 6.6 and 6.14."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T06:03:10.789Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff"
},
{
"url": "https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb"
},
{
"url": "https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957"
},
{
"url": "https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3"
}
],
"title": "xfs: get rid of the xchk_xfile_*_descr calls",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23252",
"datePublished": "2026-03-18T17:01:43.223Z",
"dateReserved": "2026-01-13T15:37:45.990Z",
"dateUpdated": "2026-04-13T06:03:10.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…