CVE-2026-23252

EPSS 0.03%
Veröffentlicht 18.03.2026 17:01:43
Zuletzt bearbeitet 25.03.2026 11:16:20
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

xfs: get rid of the xchk_xfile_*_descr calls

In the Linux kernel, the following vulnerability has been resolved:

xfs: get rid of the xchk_xfile_*_descr calls

The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate
memory if the formatted string is larger than 16 bytes (or whatever the
nofail guarantees are nowadays).  Some of them could easily exceed that,
and Jiaming Zhang found a few places where that can happen with syzbot.

The descriptions are debugging aids and aren't required to be unique, so
let's just pass in static strings and eliminate this path to failure.
Note this patch touches a number of commits, most of which were merged
between 6.6 and 6.14.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version ab97f4b1c030750f2475bf4da8a9554d02206640

Version < 695455fbc49053cbf555f2f302a5dcd600f412ff

Status affected

Version ab97f4b1c030750f2475bf4da8a9554d02206640

Version < 18e9cf2259b4157fd282b323514375f2f6a59edb

Status affected

Version ab97f4b1c030750f2475bf4da8a9554d02206640

Version < 2d8afee89262762fe0e5547772708c75f320c957

Status affected

Version ab97f4b1c030750f2475bf4da8a9554d02206640

Version < 60382993a2e18041f88c7969f567f168cd3b4de3

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.10

Status affected

Version 0

Version < 6.10

Status unaffected

Version <= 6.12.*

Version 6.12.78

Status unaffected

Version <= 6.18.*

Version 6.18.16

Status unaffected

Version <= 6.19.*

Version 6.19.6

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.071

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb

https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957

https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3

https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff

https://nvd.nist.gov/vuln/detail/CVE-2026-23252

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23252

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23252

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23252