In the Linux kernel, the following vulnerability has been resolved:
fs/adfs: validate nzones in adfsvalidatebblk()
Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used.
When nzones is 0, adfsreadmap() passes it to kmallocarray(0, ...) which returns ZEROSIZEPTR, and adfsmap_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer.
adfsvalidatedr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfsvalidatebblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time.
Found by syzkaller.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52992.json",
"cna_assigner": "Linux"
}