CVE-2026-52992

UNKNOWN 0.0

fs/adfs: validate nzones in adfs_validate_bblk()

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < 33aafd2418a59c96c0389d47ea09026661fa9ec6 f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < 1f0ed0f57f0fc87e46fe19a05435c214dc464be2 f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < 6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < a11372a8b1ceaa5e950a84b3b5fbf8228f25e277 f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < 1586bd2d2fb436a26df20a70e78b000d34a7d159 f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < 60d82592ac8b5637fbed871381eb0a16df0a492e f6f14a0d71b0773a1d4147d1a3c33d537cd213ab < dd9d3e16c2d5fa166e13dce07413be51f42c8f5d

Linux / Linux

5.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗