#VU124197 NULL Pointer Dereference in Linux kernel - CVE-2026-23251
Published: March 20, 2026
Vulnerability identifier: #VU124197
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23251
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in the XFS filesystem component when handling file operations. A local user can trigger improper pointer management to cause a denial of service.
The vulnerability specifically involves calling destructors on invalid pointers in the xfarray and xfblob structures, which can lead to system instability or crash.
Remediation
Install security update from vendor's repository.