Skip to main content

Linux CVE-2026-23252

| EUVDEUVD-2026-12858 MEDIUM
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Jun 01, 2026 - 14:22 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 17:30 euvd
EUVD-2026-12858
Analysis Generated
Mar 18, 2026 - 17:30 vuln.today
CVE Published
Mar 18, 2026 - 17:01 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

xfs: get rid of the xchk_xfile_*_descr calls

The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot.

The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.

AnalysisAI

A memory allocation failure vulnerability exists in the Linux kernel's XFS filesystem checking code where the xchk_xfile_*_descr macros call kasprintf with formatted strings that can exceed safe allocation limits, leading to potential denial of service or information disclosure. This affects Linux kernel versions 6.6 through 6.14 and later releases including 6.18.16, 6.19.6, and 7.0-rc1, with the vulnerability discoverable through syzbot fuzzing by researcher Jiaming Zhang. While no active exploitation has been confirmed, the issue represents a path to failure in a core filesystem validation component that could be triggered by malicious or malformed filesystem structures.

Technical ContextAI

The vulnerability resides in the XFS (X File System) filesystem checking infrastructure within the Linux kernel, specifically in the xchk_xfile_*_descr debugging macros that generate descriptive strings for filesystem checker operations. These macros utilize kasprintf, a kernel memory allocation function that can fail when the formatted string output exceeds internal buffer limitations (typically around 16 bytes in nofail guarantee scenarios). The root cause relates to unbounded string formatting without proper length validation or error handling for allocation failures. The affected CPE is cpe:2.3:a:linux:linux, indicating this impacts the core Linux kernel across multiple versions. The vulnerability class involves resource exhaustion and improper error handling in memory allocation paths, potentially classified under CWE-400 (Uncontrolled Resource Consumption) or CWE-190 (Integer Overflow or Wraparound) if allocation size calculations overflow.

RemediationAI

Apply the Linux kernel security patch by upgrading to a kernel version containing commits 18e9cf2259b4157fd282b323514375f2f6a59edb, 2d8afee89262762fe0e5547772708c75f320c957, or 60382993a2e18041f88c7969f567f168cd3b4de3, available via https://git.kernel.org/stable/c/18e9cf2259b4157fd282b323514375f2f6a59edb and related stable branch updates. For Linux distributions, apply kernel updates from your vendor (Red Hat, Ubuntu, SUSE, etc.) that incorporate these XFS patches into stable release kernels. Interim mitigation involves disabling XFS filesystem checking utilities (xfs_repair, xfs_check) from untrusted inputs and restricting filesystem operations to trusted administrators only. Systems exclusively using ext4 or other non-XFS filesystems are not affected and require no action.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.19.6-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23252 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy