cve-2026-23238
About this tag
CVE-2026-23238 is a Linux kernel vulnerability in the ROMFS (Read-Only Memory File System) driver that can cause a local denial of service. Discovered by syzbot, the issue occurs when a specially crafted ROMFS image with an oversized block size triggers a BUG during mount, leading to a system crash. A patch has been merged into the upstream Linux kernel and backported to stable trees. While this is a Linux-specific flaw, Windows users and IT professionals monitoring cross-platform security advisories may encounter CVE-2026-23238 in vulnerability databases or patch management workflows. The fix enforces proper block size validation in the ROMFS loader to prevent the crash.
A small, surgical fix to the Linux kernel’s ROMFS loader was published this month after syzbot detected a mount-time path that could leave the kernel trying to perform I/O with an oversized block size and trigger a BUG that crashes the system; the issue is tracked as CVE-2026-23238 and has been...