CVE-2026-23252
Memory Allocation Failure in Linux Kernel XFS Debugging Macros
Publication date: 2026-03-18
Last updated on: 2026-03-25
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 6.6 (inclusive) to 6.14 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's XFS filesystem code. The xchk_xfile_*_descr macros call kasprintf to allocate memory for a formatted description string, and kasprintf can fail to allocate that memory if the formatted string exceeds 16 bytes or the current nofail guarantees. The failure can occur because some of the descriptions, which are used for debugging, can be larger than expected. The vulnerability was identified by Jiaming Zhang using syzbot. The fix replaces these dynamic allocations with static strings, which eliminates the risk of memory allocation failure.
How can this vulnerability impact me?
The vulnerability can cause memory allocation failures during debugging operations in the xfs filesystem code. Since the descriptions are debugging aids and not required to be unique, failure to allocate memory for these strings could potentially lead to unexpected behavior or crashes during debugging or filesystem checks. However, the impact is limited to debugging contexts and does not affect normal filesystem operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know