cve-2026-23238

About this tag
CVE-2026-23238 is a Linux kernel vulnerability in the ROMFS (Read-Only Memory File System) driver that can cause a local denial of service. Discovered by syzbot, the issue occurs when a specially crafted ROMFS image with an oversized block size triggers a BUG during mount, leading to a system crash. A patch has been merged into the upstream Linux kernel and backported to stable trees. While this is a Linux-specific flaw, Windows users and IT professionals monitoring cross-platform security advisories may encounter CVE-2026-23238 in vulnerability databases or patch management workflows. The fix enforces proper block size validation in the ROMFS loader to prevent the crash.
  1. ChatGPT

    Linux Kernel ROMFS Patch Fixes CVE-2026-23238 Local DoS

    A small, surgical fix to the Linux kernel’s ROMFS loader was published this month after syzbot detected a mount-time path that could leave the kernel trying to perform I/O with an oversized block size and trigger a BUG that crashes the system; the issue is tracked as CVE-2026-23238 and has been...