PatchSiren cyber security CVE debrief
CVE-2026-23252 Linux CVE debrief
A local denial-of-service vulnerability in the Linux kernel's online XFS metadata scrubber (the in-kernel code driven by the xfs_scrub utility). The xchk_xfile_*_descr macros built debug description strings with kasprintf, and the formatted output could exceed what the allocation guaranteed, leaving a reachable allocation-failure path. A syzbot fuzzing campaign credited to Jiaming Zhang found paths that trigger it. The fix replaces the dynamic formatting with static strings, removing the allocation-failure path entirely. Affected kernels run from 6.10 up to, but not including, the fixed stable releases 6.12.78, 6.18.16 and 6.19.6; the patches have been backported to the stable branches.
- Vendor: Linux
- Product: Unknown in stored evidence (the affected component is the Linux kernel's XFS scrubber)
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-18
- Original CVE updated: 2026-06-01
- Advisory published: 2026-03-18
- Advisory updated: 2026-06-01
Who should care
Linux system administrators running XFS with scrub capabilities exposed to local users; kernel maintainers backporting stable patches; security teams tracking local DoS surfaces in filesystem subsystems.
Technical summary
The XFS online scrubber in the Linux kernel labels each in-memory (xfile) scratch structure it builds with a description produced by the xchk_xfile_*_descr macros, which called kasprintf. The formatted strings could exceed the size the no-fail allocation guarantees (historically 16 bytes), so the allocation could fail. Jiaming Zhang's syzbot fuzzing found paths that reach this failure. Because the descriptions are non-unique debugging aids, the fix replaces the kasprintf calls with static strings, removing the failure path entirely rather than handling it. Per the CVSS 3.1 vector, the issue is local, needs low privileges and no user interaction, and yields high availability impact (denial of service) with no confidentiality or integrity impact.
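To make the reasoning concrete, the following is an added userspace C model written for this debrief; it is not kernel code and not the CVE patch, and every name in it (model_kasprintf, scrub_ag_dynamic, scrub_ag_static, the fault-injection counter) is hypothetical. It models the failure as a kasprintf-style NULL return driven by "fail the Nth allocation" fault injection, the way syzbot provokes allocation failures, whereas the page attributes the real failure to the formatted string exceeding the no-fail allocation guarantee. The point shown is the same either way: the dynamic helper hands a local caller an error path, the static helper has none.

```c
/* Added example, not the kernel's code and not the CVE fix. Userspace model of
 * a debug-description helper built with kasprintf() versus a static string.
 * All names are hypothetical. Build: cc -std=c99 -Wall descr_model.c */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fault-injecting allocator in the "fail the Nth allocation" style syzbot uses.
 * fail_after == 0 means never fail; fail_after == N fails the Nth and later calls. */
static int fail_after;
static int alloc_count;

static void *model_kmalloc(size_t n)
{
    alloc_count++;
    if (fail_after > 0 && alloc_count >= fail_after)
        return NULL;            /* injected allocation failure */
    return malloc(n);
}

/* Analogue of kasprintf(): format into a fresh buffer, NULL when allocation fails. */
static char *model_kasprintf(const char *fmt, ...)
{
    va_list ap;
    int len;
    char *buf;

    va_start(ap, fmt);
    len = vsnprintf(NULL, 0, fmt, ap);   /* measure the formatted length */
    va_end(ap);
    if (len < 0)
        return NULL;
    buf = model_kmalloc((size_t)len + 1);
    if (!buf)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)len + 1, fmt, ap);
    va_end(ap);
    return buf;
}

/* "Before": the description is formatted per allocation group, so every scrub
 * pass carries an allocation that can fail and is reported as -ENOMEM (-12). */
static int scrub_ag_dynamic(unsigned agno, char **out)
{
    char *descr = model_kasprintf("AG %u scrub in-memory record", agno);
    if (!descr)
        return -12;             /* -ENOMEM: the scrub pass aborts */
    *out = descr;
    return 0;
}

/* "After": a static string; the per-AG detail was only a debugging aid, and
 * there is no allocation left to fail. */
static int scrub_ag_static(unsigned agno, const char **out)
{
    (void)agno;
    *out = "AG scrub in-memory record";
    return 0;
}

/* Run `runs` scrub passes under one fault-injection setting; return how many failed. */
static int count_dynamic_failures(int runs, int fail_at)
{
    int failures = 0;
    alloc_count = 0;
    fail_after = fail_at;
    for (int i = 0; i < runs; i++) {
        char *d = NULL;
        if (scrub_ag_dynamic((unsigned)i, &d) != 0) {
            failures++;
            continue;
        }
        free(d);
    }
    return failures;
}

static int count_static_failures(int runs, int fail_at)
{
    int failures = 0;
    alloc_count = 0;
    fail_after = fail_at;
    for (int i = 0; i < runs; i++) {
        const char *d = NULL;
        if (scrub_ag_static((unsigned)i, &d) != 0)
            failures++;
    }
    return failures;
}

int main(void)
{
    printf("dynamic, no fault injection: %d of 8 passes failed\n", count_dynamic_failures(8, 0));
    printf("dynamic, fail from 3rd alloc: %d of 8 passes failed\n", count_dynamic_failures(8, 3));
    printf("static,  fail from 3rd alloc: %d of 8 passes failed\n", count_static_failures(8, 3));
    return 0;
}
```

With injection armed from the third allocation, the dynamic helper fails six of eight passes while the static helper fails none; that difference is the whole content of the fix, and it is why the patch removes the allocation rather than adding a retry or an error branch.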
Defensive priority
medium
Recommended defensive actions
- Apply the stable kernel patches for the affected ranges (6.10 to 6.12.77, 6.13 to 6.18.15, 6.19 to 6.19.5) or move to a fixed release (6.12.78+, 6.18.16+, 6.19.6+).
- Patch first where local users who are not fully trusted can invoke XFS online scrub (directly, or through xfs_scrub), and on fuzzing or CI hosts that exercise the scrub ioctl.
- On unpatched systems, watch kernel logs for allocation-failure messages attributed to the XFS scrubber; repeated failures tied to one user or job are worth investigating.
- Where patching is delayed, restrict who can run scrub on XFS volumes; the CVSS vector rates the attack as local with low privileges required, so there is no remote exposure to manage.
Evidence notes
CVE published 2026-03-18; modified 2026-06-01. NVD marks status Analyzed. CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H yields 5.5 Medium. CPE ranges: 6.10 to before 6.12.78, 6.13 to before 6.18.16, 6.19 to before 6.19.6. Four stable kernel patches provided. Weakness listed as NVD-CWE-noinfo. No KEV entry. No known ransomware campaign use indicated.
Official resources
- CVE-2026-23252 CVE record (CVE.org)
- CVE-2026-23252 NVD detail (NVD)
- Source item: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch (four entries in the stored evidence, corresponding to the four stable kernel patches)
Source item timestamp: 2026-03-18T18:16:23.233Z