VYPR
Medium severity5.5NVD Advisory· Published Mar 18, 2026· Updated Jun 1, 2026

CVE-2026-23252

CVE-2026-23252

Description

In the Linux kernel, the following vulnerability has been resolved:

xfs: get rid of the xchk_xfile_*_descr calls

The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot.

The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Linux/Kernel3 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.10,<6.12.78
    • (no CPE)
    • (no CPE)range: 6.10
  • osv-coords
    Range: >= 6.10.0, < 6.12.78

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.