Description
In the Linux kernel, the following vulnerability has been resolved:

xfs: get rid of the xchk_xfile_*_descr calls

The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate
memory if the formatted string is larger than 16 bytes (or whatever the
nofail guarantees are nowadays). Some of them could easily exceed that,
and Jiaming Zhang found a few places where that can happen with syzbot.

The descriptions are debugging aids and aren't required to be unique, so
let's just pass in static strings and eliminate this path to failure.
Note this patch touches a number of commits, most of which were merged
between 6.6 and 6.14.
Published: 2026-03-18
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential Kernel Crash via Unhandled Memory Allocation Failure
Action: Upgrade Kernel
AI Analysis

Impact

The vulnerability arises from XFS debug macros that invoke kasprintf to format strings. When a formatted string exceeds the limited size and memory allocation fails, the macros do not handle the null return value. The description lists this scenario as a risk, and it is inferred that such a failure could lead to a null-pointer dereference, possibly resulting in a kernel crash and causing a denial of service.

Affected Systems

Linux kernels that include the XFS filesystem code before the patch is merged are potentially affected. The fix was incorporated into commits merged between kernel releases 6.6 and 6.14, so any system running those or earlier kernels that still use the XFS debug paths may be vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is likely limited to local kernel execution; an attacker would need to trigger XFS operations that invoke the affected debug macros. The KEV catalog does not list this CVE, further implying limited real‑world exploitation potential. Because the attack vector relies on local code paths within the kernel, remote exploitation is not indicated.

Generated by OpenCVE AI on March 27, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the XFS debug macro patch, such as 6.14 or later.
  • Verify that the system is running the updated kernel and confirm that the XFS module has been reloaded.
  • If an immediate kernel upgrade is not feasible, monitor vendor release notes and apply subsequent patches as they become available.

Generated by OpenCVE AI on March 27, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
CWE-690

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CWE-665

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CWE-665

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-252

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
References

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-252

Thu, 19 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 18 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes (or whatever the nofail guarantees are nowadays). Some of them could easily exceed that, and Jiaming Zhang found a few places where that can happen with syzbot. The descriptions are debugging aids and aren't required to be unique, so let's just pass in static strings and eliminate this path to failure. Note this patch touches a number of commits, most of which were merged between 6.6 and 6.14.
Title xfs: get rid of the xchk_xfile_*_descr calls
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-13T06:03:10.789Z

Reserved: 2026-01-13T15:37:45.990Z

Link: CVE-2026-23252

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-18T18:16:23.233

Modified: 2026-03-25T11:16:20.723

Link: CVE-2026-23252

cve-icon Redhat

Severity : Low

Publid Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23252 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:29:04Z

Weaknesses