CVE-2026-23252 (GCVE-0-2026-23252)

Vulnerability from cvelistv5 – Published: 2026-03-18 17:01 – Updated: 2026-03-25 10:20
VLAI?
Title
xfs: get rid of the xchk_xfile_*_descr calls
Summary
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: ab97f4b1c030750f2475bf4da8a9554d02206640 , < 695455fbc49053cbf555f2f302a5dcd600f412ff (git)
Affected: ab97f4b1c030750f2475bf4da8a9554d02206640 , < 18e9cf2259b4157fd282b323514375f2f6a59edb (git)
Affected: ab97f4b1c030750f2475bf4da8a9554d02206640 , < 2d8afee89262762fe0e5547772708c75f320c957 (git)
Affected: ab97f4b1c030750f2475bf4da8a9554d02206640 , < 60382993a2e18041f88c7969f567f168cd3b4de3 (git)
Create a notification for this product.
    Linux Linux Affected: 6.10
Unaffected: 0 , < 6.10 (semver)
Unaffected: 6.12.78 , ≤ 6.12.* (semver)
Unaffected: 6.18.16 , ≤ 6.18.* (semver)
Unaffected: 6.19.6 , ≤ 6.19.* (semver)
Unaffected: 7.0-rc1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/scrub/agheader_repair.c",
            "fs/xfs/scrub/alloc_repair.c",
            "fs/xfs/scrub/attr_repair.c",
            "fs/xfs/scrub/bmap_repair.c",
            "fs/xfs/scrub/common.h",
            "fs/xfs/scrub/dir.c",
            "fs/xfs/scrub/dir_repair.c",
            "fs/xfs/scrub/dirtree.c",
            "fs/xfs/scrub/ialloc_repair.c",
            "fs/xfs/scrub/nlinks.c",
            "fs/xfs/scrub/parent.c",
            "fs/xfs/scrub/parent_repair.c",
            "fs/xfs/scrub/quotacheck.c",
            "fs/xfs/scrub/refcount_repair.c",
            "fs/xfs/scrub/rmap_repair.c",
            "fs/xfs/scrub/rtbitmap_repair.c",
            "fs/xfs/scrub/rtrefcount_repair.c",
            "fs/xfs/scrub/rtrmap_repair.c",
            "fs/xfs/scrub/rtsummary.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "695455fbc49053cbf555f2f302a5dcd600f412ff",
              "status": "affected",
              "version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
              "versionType": "git"
            },
            {
              "lessThan": "18e9cf2259b4157fd282b323514375f2f6a59edb",
              "status": "affected",
              "version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
              "versionType": "git"
            },
            {
              "lessThan": "2d8afee89262762fe0e5547772708c75f320c957",
              "status": "affected",
              "version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
              "versionType": "git"
            },
            {
              "lessThan": "60382993a2e18041f88c7969f567f168cd3b4de3",
              "status": "affected",
              "version": "ab97f4b1c030750f2475bf4da8a9554d02206640",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/xfs/scrub/agheader_repair.c",
            "fs/xfs/scrub/alloc_repair.c",
            "fs/xfs/scrub/attr_repair.c",
            "fs/xfs/scrub/bmap_repair.c",
            "fs/xfs/scrub/common.h",
            "fs/xfs/scrub/dir.c",
            "fs/xfs/scrub/dir_repair.c",
            "fs/xfs/scrub/dirtree.c",
            "fs/xfs/scrub/ialloc_repair.c",
            "fs/xfs/scrub/nlinks.c",
            "fs/xfs/scrub/parent.c",
            "fs/xfs/scrub/parent_repair.c",
            "fs/xfs/scrub/quotacheck.c",
            "fs/xfs/scrub/refcount_repair.c",
            "fs/xfs/scrub/rmap_repair.c",
            "fs/xfs/scrub/rtbitmap_repair.c",
            "fs/xfs/scrub/rtrefcount_repair.c",
            "fs/xfs/scrub/rtrmap_repair.c",
            "fs/xfs/scrub/rtsummary.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.10"
            },
            {
              "lessThan": "6.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.78",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.78",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.16",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.6",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0-rc1",
                  "versionStartIncluding": "6.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: get rid of the xchk_xfile_*_descr calls\n\nThe xchk_xfile_*_descr macros call kasprintf, which can fail to allocate\nmemory if the formatted string is larger than 16 bytes (or whatever the\nnofail guarantees are nowadays).  Some of them could easily exceed that,\nand Jiaming Zhang found a few places where that can happen with syzbot.\n\nThe descriptions are debugging aids and aren\u0027t required to be unique, so\nlet\u0027s just pass in static strings and eliminate this path to failure.\nNote this patch touches a number of commits, most of which were merged\nbetween 6.6 and 6.14."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T10:20:37.179Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957"
        },
        {
          "url": "https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3"
        }
      ],
      "title": "xfs: get rid of the xchk_xfile_*_descr calls",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-23252",
    "datePublished": "2026-03-18T17:01:43.223Z",
    "dateReserved": "2026-01-13T15:37:45.990Z",
    "dateUpdated": "2026-03-25T10:20:37.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-23252\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-18T18:16:23.233\",\"lastModified\":\"2026-03-25T11:16:20.723\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nxfs: get rid of the xchk_xfile_*_descr calls\\n\\nThe xchk_xfile_*_descr macros call kasprintf, which can fail to allocate\\nmemory if the formatted string is larger than 16 bytes (or whatever the\\nnofail guarantees are nowadays).  Some of them could easily exceed that,\\nand Jiaming Zhang found a few places where that can happen with syzbot.\\n\\nThe descriptions are debugging aids and aren\u0027t required to be unique, so\\nlet\u0027s just pass in static strings and eliminate this path to failure.\\nNote this patch touches a number of commits, most of which were merged\\nbetween 6.6 and 6.14.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nxfs: eliminar las llamadas a xchk_xfile_*_descr\\n\\nLas macros xchk_xfile_*_descr llaman a kasprintf, lo que puede fallar al asignar memoria si la cadena formateada es mayor de 16 bytes (o cualesquiera que sean las garant\u00edas de nofail hoy en d\u00eda). Algunas de ellas podr\u00edan exceder f\u00e1cilmente eso, y Jiaming Zhang encontr\u00f3 algunos lugares donde eso puede ocurrir con syzbot.\\n\\nLas descripciones son ayudas de depuraci\u00f3n y no se requiere que sean \u00fanicas, as\u00ed que simplemente pasemos cadenas est\u00e1ticas y eliminemos esta ruta de fallo. N\u00f3tese que este parche afecta a varios commits, la mayor\u00eda de los cuales fueron fusionados entre 6.6 y 6.14.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.