Description

In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.

INFO

Published Date :

2026-03-18T17:01:43.223Z

Last Modified :

2026-04-13T06:03:10.789Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23252 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23252.

URL Resource
https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb cve-icon cve-icon
https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957 cve-icon cve-icon
https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3 cve-icon cve-icon
https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23252-6bef@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23252 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23252 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact