CVE-2026-52992 - Vulnerability Details

- fs/adfs: validate nzones in adfs_validate_bblk()

Description

In the Linux kernel, the following vulnerability has been resolved:

fs/adfs: validate nzones in adfs_validate_bblk()

Reject ADFS disc records with a zero zone count during boot block
validation, before the disc record is used.

When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...)
which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to
dm[-1], causing an out-of-bounds write before the allocated buffer.

adfs_validate_dr0() already rejects nzones != 1 for old-format
images. Add the equivalent check to adfs_validate_bblk() for
new-format images so that a crafted image with nzones == 0 is
rejected at probe time.

Found by syzkaller.

Published: 2026-06-24

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< 33aafd2418a59c96c0389d47ea09026661fa9ec6
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< 1f0ed0f57f0fc87e46fe19a05435c214dc464be2
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< 6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< a11372a8b1ceaa5e950a84b3b5fbf8228f25e277
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< 1586bd2d2fb436a26df20a70e78b000d34a7d159
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< 60d82592ac8b5637fbed871381eb0a16df0a492e
`f6f14a0d71b0773a1d4147d1a3c33d537cd213ab`	affected	< dd9d3e16c2d5fa166e13dce07413be51f42c8f5d

Linux

affected

Version	Status	Constraints
`5.6`	affected	—
`0`	unaffected	< 5.6
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.141`	unaffected	≤ 6.6.*
`6.12.91`	unaffected	≤ 6.12.*
`6.18.33`	unaffected	≤ 6.18.*
`7.0.10`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,33aafd2418a59c96c0389d47ea09026661fa9ec6]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,1f0ed0f57f0fc87e46fe19a05435c214dc464be2]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,a11372a8b1ceaa5e950a84b3b5fbf8228f25e277]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,1586bd2d2fb436a26df20a70e78b000d34a7d159]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,60d82592ac8b5637fbed871381eb0a16df0a492e]`	affected	code_commit	—
`[f6f14a0d71b0773a1d4147d1a3c33d537cd213ab,dd9d3e16c2d5fa166e13dce07413be51f42c8f5d]`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.6`	affected	semver	—
`[0,5.6)`	unaffected	semver	—
`[5.10.258,5.11.0)`	unaffected	semver	—
`[5.15.209,5.16.0)`	unaffected	semver	—
`[6.1.175,6.2.0)`	unaffected	semver	—
`[6.6.141,6.7.0)`	unaffected	semver	—
`[6.12.91,6.13.0)`	unaffected	semver	—
`[6.18.33,6.19.0)`	unaffected	semver	—
`[7.0.10,7.1.0)`	unaffected	semver	—
`[7.1,*)`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00184.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1586bd2d2fb436a26df20a70e78b000d34a7d159
https://git.kernel.org/stable/c/1f0ed0f57f0fc87e46fe19a05435c214dc464be2
https://git.kernel.org/stable/c/33aafd2418a59c96c0389d47ea09026661fa9ec6
https://git.kernel.org/stable/c/60d82592ac8b5637fbed871381eb0a16df0a492e
https://git.kernel.org/stable/c/6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc
https://git.kernel.org/stable/c/a11372a8b1ceaa5e950a84b3b5fbf8228f25e277
https://git.kernel.org/stable/c/a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de
https://git.kernel.org/stable/c/dd9d3e16c2d5fa166e13dce07413be51f42c8f5d
https://lore.kernel.org/linux-cve-announce/2026062444-CVE-2026-52992-af99@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-52992
https://www.cve.org/CVERecord?id=CVE-2026-52992

History

Fri, 26 Jun 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-119

Fri, 26 Jun 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-124
References		https://lore.kernel.org/linux-cve-announce/2026062444-CVE-2026-52992-af99@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-52992 https://www.cve.org/CVERecord?id=CVE-2026-52992

Wed, 24 Jun 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.
Title		fs/adfs: validate nzones in adfs_validate_bblk()
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1586bd2d2fb436a26df20a70e78b000d34a7d159 https://git.kernel.org/stable/c/1f0ed0f57f0fc87e46fe19a05435c214dc464be2 https://git.kernel.org/stable/c/33aafd2418a59c96c0389d47ea09026661fa9ec6 https://git.kernel.org/stable/c/60d82592ac8b5637fbed871381eb0a16df0a492e https://git.kernel.org/stable/c/6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc https://git.kernel.org/stable/c/a11372a8b1ceaa5e950a84b3b5fbf8228f25e277 https://git.kernel.org/stable/c/a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de https://git.kernel.org/stable/c/dd9d3e16c2d5fa166e13dce07413be51f42c8f5d

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:29:05.592Z

Updated: 2026-06-24T16:29:05.592Z

Reserved: 2026-06-09T07:44:35.377Z

Link: CVE-2026-52992

Vulnrichment

No data.

NVD

No data.

Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52992 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T17:30:05Z

Weaknesses

CWE-124

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object