CVE-2026-23223

Published: Feb 18, 2026Modified: Mar 18, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.

Affected (3)

Products: Linux: Linux Kernel

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 6.13 to 6.18.11
Linux Linux Kernel	From 6.19 to 6.19.1
Linux Linux Kernel	From 6.9 to 6.12.72

Related CWEs

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (4)

https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

Timeline

No history available yet.