CVE-2026-52992
CVE-2026-52992 is a security vulnerability that is still awaiting full analysis and scoring. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- EPSS exploit prediction: 0% (8th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-38860
- Published:
- Last modified:
Description
In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.
Frequently asked questions
- What is CVE-2026-52992?
- In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.
- Is CVE-2026-52992 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (8th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2026-52992?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2026-52992 have an EU (EUVD) identifier?
- Yes. CVE-2026-52992 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-38860.
- When was CVE-2026-52992 published?
- CVE-2026-52992 was published on 2026-06-24.
References
- https://git.kernel.org/stable/c/1586bd2d2fb436a26df20a70e78b000d34a7d159
- https://git.kernel.org/stable/c/1f0ed0f57f0fc87e46fe19a05435c214dc464be2
- https://git.kernel.org/stable/c/33aafd2418a59c96c0389d47ea09026661fa9ec6
- https://git.kernel.org/stable/c/60d82592ac8b5637fbed871381eb0a16df0a492e
- https://git.kernel.org/stable/c/6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc
- https://git.kernel.org/stable/c/a11372a8b1ceaa5e950a84b3b5fbf8228f25e277
- https://git.kernel.org/stable/c/a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de
- https://git.kernel.org/stable/c/dd9d3e16c2d5fa166e13dce07413be51f42c8f5d