Main Vulnerability Database SB20260320104

SB20260320104 - NULL Pointer Dereference in Linux kernel xfs scrub

Published: March 20, 2026

Security Bulletin ID SB20260320104

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL Pointer Dereference (CVE-ID: CVE-2026-23249)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a null pointer dereference in the XFS filesystem's btree revalidation functionality when handling ioctl requests. A local user can trigger a specially crafted ioctl request to cause a null pointer dereference and crash the system.

The attacker must have privileges to perform XFS filesystem scrub operations, which typically requires administrative privileges.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/55e03b8cbe2783ec9acfb88e8adb946ed504e117
https://git.kernel.org/stable/c/5991e96f2ae82df60a3e4ed00f3432d9f3502a99
https://git.kernel.org/stable/c/b04baa848c0543b240b1bd8aecff470382f6f154
https://git.kernel.org/stable/c/d69de525bc7ab27713342080bf50826df3f6a68f