Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2026-23474

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
03/04/2026
Last modified:
03/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

mtd: Avoid boot crash in RedBoot partition table parser

Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 ("fortify: Use __builtin_dynamic_object_size() when available") produces the warning below and an oops.

Searching for RedBoot partition table in 50000000.flash at offset 0x7e0000
------------[ cut here ]------------
WARNING: lib/string_helpers.c:1035 at 0xc029e04c, CPU#0: swapper/0/1
memcmp: detected buffer overflow: 15 byte read of buffer size 14
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0 #1 NONE

As Kees said, "'names' is pointing to the final 'namelen' many bytes of the allocation ... 'namelen' could be basically any length at all. This fortify warning looks legit to me -- this code used to be reading beyond the end of the allocation."

Since the size of the dynamic allocation is calculated with strlen() we can use strcmp() instead of memcmp() and remain within bounds.
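The overread described above and the strcmp() fix, as an added example that is not the kernel's code or part of the original advisory. checked_memcmp() is a hypothetical stand-in for the fortified memcmp(), and the partition names and the 15-byte compare length are constructed sample values chosen to match the "15 byte read of buffer size 14" warning.

```c
#include <stdlib.h>
#include <string.h>

#define CMP_OVERFLOW (-2)   /* hypothetical result code: read would leave the buffer */

/* Constructed model of a bounds-checked memcmp(): refuse to read n bytes
 * from a buffer whose known size is smaller, instead of overreading. */
static int checked_memcmp(const char *buf, size_t buf_size,
                          const char *lit, size_t n)
{
    if (n > buf_size)
        return CMP_OVERFLOW;
    return memcmp(buf, lit, n) ? 1 : 0;
}

/* Name storage sized with strlen(), as the advisory describes. */
static char *dup_name(const char *src, size_t *size_out)
{
    size_t size = strlen(src) + 1;
    char *p = malloc(size);
    if (p)
        memcpy(p, src, size);
    *size_out = size;
    return p;
}

/* Before: fixed-length compare, independent of how long the name really is.
 * Returns 0 on match, 1 on mismatch, CMP_OVERFLOW on a detected overread. */
int match_fixed_len(const char *part_name)
{
    size_t size;
    char *name = dup_name(part_name, &size);
    if (!name)
        return -1;
    int r = checked_memcmp(name, size, "RedBoot config", 15);
    free(name);
    return r;
}

/* After: strcmp() stops at the NUL terminator, which lies inside the allocation. */
int match_strcmp(const char *part_name)
{
    size_t size;
    char *name = dup_name(part_name, &size);
    if (!name)
        return -1;
    int r = strcmp(name, "RedBoot config") ? 1 : 0;
    free(name);
    return r;
}
```

A 13-character name occupies 14 bytes, so the fixed 15-byte compare is flagged, while strcmp() on the same name returns a plain mismatch.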

Impact