SB20260320102 - NULL Pointer Dereference in Linux kernel xfs scrub



SB20260320102 - NULL Pointer Dereference in Linux kernel xfs scrub

Published: March 20, 2026

Security Bulletin ID SB20260320102
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) NULL Pointer Dereference (CVE-ID: CVE-2026-23251)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in the XFS filesystem component when handling file operations. A local user can trigger improper pointer management to cause a denial of service.

The vulnerability specifically involves calling destructors on invalid pointers in the xfarray and xfblob structures, which can lead to system instability or crash.


Remediation

Install update from vendor's website.