Impact
The kernel processes an ADFS image with nzones set to zero during boot block validation, causing adfs_read_map() to call kmalloc_array with a size of 0, which returns a zero-size pointer. Subsequent code in adfs_map_layout() writes to dm[-1], an out-of-bounds location that corrupts kernel memory or can crash the system. This is a classic buffer overflow (CWE-124) weakness that can potentially be exploited to gain elevated privileges if the attacker can influence the result of the write.
Affected Systems
Any Linux kernel configuration that supports ADFS file system images is potentially vulnerable. The CVE does not specify kernel versions, so all kernels that have not been updated with the patch that adds the nzones check are affected.
Risk and Exploitability
Based on the description, it is inferred that the likely attack vector involves booting from a crafted ADFS image or manipulating system startup to load a manipulated image, as the vulnerability triggers during boot block validation. The reported EPSS score of < 1% suggests that exploitation attempts are currently rare, and the vulnerability is not listed in the CISA KEV catalog. The out‑of‑bounds write could lead to kernel memory corruption, potentially allowing an attacker who can deliver a malicious image to gain elevated privileges or execute arbitrary code if additional exploitation steps succeed.
OpenCVE Enrichment
Debian DLA