{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23252", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.990Z", "datePublished": "2026-03-18T17:01:43.223Z", "dateUpdated": "2026-03-18T17:01:43.223Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-18T17:01:43.223Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: get rid of the xchk_xfile_*_descr calls\n\nThe xchk_xfile_*_descr macros call kasprintf, which can fail to allocate\nmemory if the formatted string is larger than 16 bytes (or whatever the\nnofail guarantees are nowadays). Some of them could easily exceed that,\nand Jiaming Zhang found a few places where that can happen with syzbot.\n\nThe descriptions are debugging aids and aren't required to be unique, so\nlet's just pass in static strings and eliminate this path to failure.\nNote this patch touches a number of commits, most of which were merged\nbetween 6.6 and 6.14."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/scrub/agheader_repair.c", "fs/xfs/scrub/alloc_repair.c", "fs/xfs/scrub/attr_repair.c", "fs/xfs/scrub/bmap_repair.c", "fs/xfs/scrub/common.h", "fs/xfs/scrub/dir.c", "fs/xfs/scrub/dir_repair.c", "fs/xfs/scrub/dirtree.c", "fs/xfs/scrub/ialloc_repair.c", "fs/xfs/scrub/nlinks.c", "fs/xfs/scrub/parent.c", "fs/xfs/scrub/parent_repair.c", "fs/xfs/scrub/quotacheck.c", "fs/xfs/scrub/refcount_repair.c", "fs/xfs/scrub/rmap_repair.c", "fs/xfs/scrub/rtbitmap_repair.c", "fs/xfs/scrub/rtrefcount_repair.c", "fs/xfs/scrub/rtrmap_repair.c", "fs/xfs/scrub/rtsummary.c"], "versions": [{"version": "ab97f4b1c030750f2475bf4da8a9554d02206640", "lessThan": "18e9cf2259b4157fd282b323514375f2f6a59edb", "status": "affected", "versionType": "git"}, {"version": "ab97f4b1c030750f2475bf4da8a9554d02206640", "lessThan": "2d8afee89262762fe0e5547772708c75f320c957", "status": "affected", "versionType": "git"}, {"version": "ab97f4b1c030750f2475bf4da8a9554d02206640", "lessThan": "60382993a2e18041f88c7969f567f168cd3b4de3", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/xfs/scrub/agheader_repair.c", "fs/xfs/scrub/alloc_repair.c", "fs/xfs/scrub/attr_repair.c", "fs/xfs/scrub/bmap_repair.c", "fs/xfs/scrub/common.h", "fs/xfs/scrub/dir.c", "fs/xfs/scrub/dir_repair.c", "fs/xfs/scrub/dirtree.c", "fs/xfs/scrub/ialloc_repair.c", "fs/xfs/scrub/nlinks.c", "fs/xfs/scrub/parent.c", "fs/xfs/scrub/parent_repair.c", "fs/xfs/scrub/quotacheck.c", "fs/xfs/scrub/refcount_repair.c", "fs/xfs/scrub/rmap_repair.c", "fs/xfs/scrub/rtbitmap_repair.c", "fs/xfs/scrub/rtrefcount_repair.c", "fs/xfs/scrub/rtrmap_repair.c", "fs/xfs/scrub/rtsummary.c"], "versions": [{"version": "6.10", "status": "affected"}, {"version": "0", "lessThan": "6.10", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10", "versionEndExcluding": "7.0-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb"}, {"url": "https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957"}, {"url": "https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3"}], "title": "xfs: get rid of the xchk_xfile_*_descr calls", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: get rid of the xchk_xfile_*_descr calls\n\nThe xchk_xfile_*_descr macros call kasprintf, which can fail to allocate\nmemory if the formatted string is larger than 16 bytes (or whatever the\nnofail guarantees are nowadays). Some of them could easily exceed that,\nand Jiaming Zhang found a few places where that can happen with syzbot.\n\nThe descriptions are debugging aids and aren't required to be unique, so\nlet's just pass in static strings and eliminate this path to failure.\nNote this patch touches a number of commits, most of which were merged\nbetween 6.6 and 6.14."}], "id": "CVE-2026-23252", "lastModified": "2026-03-18T18:16:23.233", "metrics": {}, "published": "2026-03-18T18:16:23.233", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2d8afee89262762fe0e5547772708c75f320c957"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/60382993a2e18041f88c7969f567f168cd3b4de3"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{}