Main Vulnerability Database SB20260320102

SB20260320102 - NULL Pointer Dereference in Linux kernel xfs scrub

Published: March 20, 2026

Security Bulletin ID SB20260320102

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL Pointer Dereference (CVE-ID: CVE-2026-23251)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in the XFS filesystem component when handling file operations. A local user can trigger improper pointer management to cause a denial of service.

The vulnerability specifically involves calling destructors on invalid pointers in the xfarray and xfblob structures, which can lead to system instability or crash.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/5de5be3ed7e7fa4ebde4f4b58fb9a629644f9202
https://git.kernel.org/stable/c/ba408d299a3bb3c5309f40c5326e4fb83ead4247
https://git.kernel.org/stable/c/c9ccefacae0d8091683447bc338bd7741417039d
https://git.kernel.org/stable/c/d827612c81a26cc1dd83a211cfcb5ad8765da0c4