CVE-2026-52992

Source
https://cve.org/CVERecord?id=CVE-2026-52992
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52992.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52992
Downstream
Published
2026-06-24T16:29:05.592Z
Modified
2026-07-08T08:13:44.748734838Z
Summary
fs/adfs: validate nzones in adfs_validate_bblk()
Details

In the Linux kernel, the following vulnerability has been resolved:

fs/adfs: validate nzones in adfsvalidatebblk()

Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used.

When nzones is 0, adfsreadmap() passes it to kmallocarray(0, ...) which returns ZEROSIZEPTR, and adfsmap_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer.

adfsvalidatedr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfsvalidatebblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time.

Found by syzkaller.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52992.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f6f14a0d71b0773a1d4147d1a3c33d537cd213ab
Fixed
33aafd2418a59c96c0389d47ea09026661fa9ec6
Fixed
1f0ed0f57f0fc87e46fe19a05435c214dc464be2
Fixed
6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc
Fixed
a11372a8b1ceaa5e950a84b3b5fbf8228f25e277
Fixed
1586bd2d2fb436a26df20a70e78b000d34a7d159
Fixed
a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de
Fixed
60d82592ac8b5637fbed871381eb0a16df0a492e
Fixed
dd9d3e16c2d5fa166e13dce07413be51f42c8f5d

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52992.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.6.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52992.json"