CVE-2026-52992
ANALYSIS PENDINGfs/adfs: validate nzones in adfs_validate_bblk()
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.
References (8)
Core 8
Core References
Scores
EPSS
0.0018
EPSS Percentile
8.2%
Details
Status
published
Products (25)
linux/Kernel
5.11.0 - 5.15.209linux
linux/Kernel
5.16.0 - 6.1.175linux
linux/Kernel
5.6.0 - 5.10.258linux
linux/Kernel
6.13.0 - 6.18.33linux
linux/Kernel
6.19.0 - 7.0.10linux
linux/Kernel
6.2.0 - 6.6.141linux
linux/Kernel
6.7.0 - 6.12.91linux
Linux/Linux
< 5.6
Linux/Linux
5.10.258 - 5.10.*
Linux/Linux
5.15.209 - 5.15.*
... and 15 more
Published
Jun 24, 2026
Tracked Since
Jun 24, 2026