CVE-2026-23252
MEDIUM EPSS 2.3%
Published Mar 18, 20263mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Published Mar 18, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
2.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 3
References 4
- git.kernel.org https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb
- git.kernel.org https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957
- git.kernel.org https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3
- git.kernel.org https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff
Remediation
- git.kernel.org https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb
- git.kernel.org https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957
- git.kernel.org https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3
- git.kernel.org https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff