Linux Kernel Vulnerability in UDF Processing Allows Bypassing CRC Validation
CVE-2026-53369
What is CVE-2026-53369?
A vulnerability exists in the Linux kernel's processing of Universal Disk Format (UDF) images. Specifically, the function responsible for reading tagged UDF data can skip the crucial CRC verification step if the calculated descriptor CRC length surpasses the block size limitations. This behavior allows a maliciously crafted UDF image to exploit the system, perpetuating the acceptance of the descriptor without proper validation. The system then relies solely on a basic 8-bit tag checksum for acceptance, which is easily forgeable. To enhance security, it is necessary to reject such oversized descriptors, reinforcing the integrity of descriptor acceptance during UDF data handling.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 832ab4a882dc9b3c0155490d9993642ef545fd22
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7d1b6adbf90df6c8941090d5646fbeca25ba9770
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3dede76d525919bb966f9213e131af685de5ff99