CVE Catalog

CVE-2026-52992

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

In the Linux kernel, a vulnerability in the ADFS filesystem lacks validation of the zone count (nzones) in adfs_validate_bblk(), leading to an out-of-bounds write. A crafted disk image with zero zones triggers kmalloc_array(0, ...) returning ZERO_SIZE_PTR, followed by a write before the allocated buffer.

Risk Assessment

The risk includes potential remote code execution or system crash when mounting a malicious ADFS image. This could be exploited for privilege escalation or system destabilization.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit adding nzones validation in adfs_validate_bblk()). Avoid mounting ADFS images from untrusted sources until patched.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS