Description

In the Linux kernel, the following vulnerability has been resolved: fs/adfs: validate nzones in adfs_validate_bblk() Reject ADFS disc records with a zero zone count during boot block validation, before the disc record is used. When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...) which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to dm[-1], causing an out-of-bounds write before the allocated buffer. adfs_validate_dr0() already rejects nzones != 1 for old-format images. Add the equivalent check to adfs_validate_bblk() for new-format images so that a crafted image with nzones == 0 is rejected at probe time. Found by syzkaller.

Affected products

VendorProductVersions
LinuxLinuxf6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <33aafd2418a59c96c0389d47ea09026661fa9ec6; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <1f0ed0f57f0fc87e46fe19a05435c214dc464be2; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <6ff8cca5cdb4f2e0ea6d28ecd78479dd3f221ebc; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <a11372a8b1ceaa5e950a84b3b5fbf8228f25e277; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <1586bd2d2fb436a26df20a70e78b000d34a7d159; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <a3fd5dc1c7b0aae947a67dc2e2c037d57557a4de; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <60d82592ac8b5637fbed871381eb0a16df0a492e; f6f14a0d71b0773a1d4147d1a3c33d537cd213ab to <dd9d3e16c2d5fa166e13dce07413be51f42c8f5d
LinuxLinux5.6; 0 to <5.6; 5.10.258 to <=5.10.*; 5.15.209 to <=5.15.*; 6.1.175 to <=6.1.*; 6.6.141 to <=6.6.*; 6.12.91 to <=6.12.*; 6.18.33 to <=6.18.*; 7.0.10 to <=7.0.*; 7.1 to <=*

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 25 Jun 2026 10:14 UTC.