CVE-2026-23252 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23252 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.

EPSS 0.02% · 6.1th percentile

Risk Scores

EPSS Score

0.02%

6.1th percentile

Affected Products

Vendor	Product	Versions
Linux	Linux	ab97f4b1c030750f2475bf4da8a9554d02206640, ab97f4b1c030750f2475bf4da8a9554d02206640, ab97f4b1c030750f2475bf4da8a9554d02206640
linux	linux_kernel	6.10, 6.10, 6.10

Timeline

Mar 18, 2026 CVE Published
Mar 19, 2026 EPSS Score
Mar 20, 2026 EPSS Score
Mar 21, 2026 EPSS Score
Mar 22, 2026 EPSS Score
Mar 22, 2026 Coalition ESS Score
Mar 23, 2026 EPSS Score
Mar 24, 2026 EPSS Score
Mar 25, 2026 EPSS Score
Mar 29, 2026 Security Advisory
Apr 13, 2026 CVE Updated

References

Open in Interactive Console →