GHSA-5h77-9826-97qgunknown

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in...

Published
June 24, 2026
Last Modified
June 24, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

fs/adfs: validate nzones in adfs_validate_bblk()

Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used.

When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer.

adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time.

Found by syzkaller.

🔗 References (10)