PT-2026-51886 · Linux · Linux
Published: 2026-06-24 · Updated: 2026-06-24 · CVE-2026-52992
Severity: None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:

fs/adfs: validate nzones in adfs_validate_bblk()

Reject ADFS disc records with a zero zone count during boot block
validation, before the disc record is used.

When nzones is 0, adfs_read_map() passes it to kmalloc_array(0, ...)
which returns ZERO_SIZE_PTR, and adfs_map_layout() then writes to
dm[-1], causing an out-of-bounds write before the allocated buffer.

adfs_validate_dr0() already rejects nzones != 1 for old-format
images. Add the equivalent check to adfs_validate_bblk() for
new-format images so that a crafted image with nzones == 0 is
rejected at probe time.

Found by syzkaller.
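
The validate-before-use ordering described above, as an added userspace model in C; it is not the kernel's code or the actual patch. The `model_*` names, the two-field record, and the last-entry fixup are constructed assumptions that only mirror the shape of the described bug (a final write at index `nzones - 1`).

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed, simplified stand-ins; not the kernel's structures. */
struct model_discrecord { unsigned nzones; unsigned zone_bits; };
struct model_zone { unsigned start_bit, end_bit; };

/* Validation step: the check the fix describes, rejecting a zero zone count. */
int model_validate_bblk(const struct model_discrecord *dr)
{
    return dr->nzones == 0 ? -EINVAL : 0;
}

/* Index of the last map entry that layout finalises: nzones - 1.
 * For nzones == 0 this is -1, one element before the buffer. */
long model_last_index(unsigned nzones)
{
    return (long)nzones - 1;
}

/* Layout: fills every entry, then adjusts the last one. Callers must have
 * validated nzones; the bounds check here is defence in depth. */
int model_map_layout(struct model_zone *dm, unsigned nzones, unsigned zone_bits)
{
    long last = model_last_index(nzones);
    if (last < 0)
        return -EINVAL;              /* would otherwise be a write to dm[-1] */
    for (unsigned z = 0; z < nzones; z++) {
        dm[z].start_bit = z * zone_bits;
        dm[z].end_bit = dm[z].start_bit + zone_bits;
    }
    dm[last].end_bit -= 1;           /* constructed stand-in for the final-zone fixup */
    return 0;
}

/* Read path: validate first, so a zero count never reaches the allocator. */
int model_read_map(const struct model_discrecord *dr, struct model_zone **out)
{
    int err = model_validate_bblk(dr);
    if (err)
        return err;
    struct model_zone *dm = calloc(dr->nzones, sizeof(*dm));
    if (!dm)
        return -ENOMEM;
    err = model_map_layout(dm, dr->nzones, dr->zone_bits);
    if (err) { free(dm); return err; }
    *out = dm;
    return 0;
}
```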
Related Identifiers
Affected Products
Linux