CVE-2026-53369
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jul 19, 2026
Vendor
unknown
Description
In the Linux kernel, the following vulnerability has been resolved: udf: reject descriptors with oversized CRC length udf_read_tagged() skips CRC verification when descCRCLength + sizeof(struct tag) exceeds the block size. A crafted UDF image can set descCRCLength to an oversized value to bypass CRC validation entirely; the descriptor is then accepted based solely on the 8-bit tag checksum, which is trivially recomputable. Reject such descriptors instead of silently accepting them. A legitimate single-block descriptor should never have a CRC length that exceeds the block.
References
- https://git.kernel.org/stable/c/1873eb81c65d3f849418d7386baa39c439c9fc38
- https://git.kernel.org/stable/c/31605bbe94557bff721eaf041001169d44ac6f98
- https://git.kernel.org/stable/c/3dede76d525919bb966f9213e131af685de5ff99
- https://git.kernel.org/stable/c/50dfaf4a027742b4fcdc3e9305e7199ece9bc6a6
- https://git.kernel.org/stable/c/55d41b0a20128e86b9e960dd2e3f0a2d69a18df7