CVE-2026-23252: Linux vulnerability

8 documents, 7 sources
Severity
5.5 MEDIUM
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 18

Description

In the Linux kernel, the following vulnerability has been resolved:

xfs: get rid of the xchk_xfile_*_descr calls

The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in sta

Affected Packages (3 packages)

Linux: linux/linux_kernel 6.10.0, 6.12.78 (+2)
Debian: linux/linux_kernel < 6.19.6-1
CVEListV5: linux/linux ab97f4b1c030750f2475bf4da8a9554d02206640, 695455fbc49053cbf555f2f302a5dcd600f412ff (+4)

🔴 Vulnerability Details (4)

OSV
xfs: get rid of the xchk_xfile_*_descr calls (2026-03-18)
CVEList
xfs: get rid of the xchk_xfile_*_descr calls (2026-03-18)
GHSA
GHSA-m267-vw57-h3jp: In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call (2026-03-18)
OSV
CVE-2026-23252: In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call ka (2026-03-18)

📋 Vendor Advisories (2)

Red Hat
kernel: xfs: get rid of the xchk_xfile_*_descr calls (2026-03-18)
Debian
CVE-2026-23252: linux - In the Linux kernel, the following vulnerability has been resolved: xfs: get ri... (2026)

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-23252 Impact, Exploitability, and Mitigation Steps | Wiz