Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.
References
- https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb
- https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957
- https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3
- https://git.kernel.org/stable/c/695455fbc49053cbf555f2f302a5dcd600f412ff
FAQ
What is CVE-2026-23252?
CVE-2026-23252 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if th...
How severe is CVE-2026-23252?
CVSS scoring is not yet available for CVE-2026-23252. Check NVD for updates.
Is there a patch for CVE-2026-23252?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.