SB20260320102 - NULL Pointer Dereference in Linux kernel xfs scrub
Published: March 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) NULL Pointer Dereference (CVE-ID: CVE-2026-23251)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the XFS filesystem component when handling file operations. A local user can trigger improper pointer management to cause a denial of service.
The vulnerability specifically involves calling destructors on invalid pointers in the xfarray and xfblob structures, which can lead to system instability or crash.
Remediation
Install update from vendor's website.