CVE-2026-23251

Published: 18 Mar 2026
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

A NULL pointer dereference vulnerability was found in the Linux kernel's XFS filesystem. The xfarray_destroy() and xfblob_destroy() functions are called without checking if the pointer is valid. When these destructors are invoked on NULL pointers during cleanup paths, a kernel crash occurs. The fix adds NULL checks before calling the destructors and nullifies the pointers afterward to prevent double-free issues.

Report

This flaw affects XFS filesystems in kernels between 6.9 and 6.10 where the xfarray and xfblob infrastructure was introduced for online repair functionality. The NULL pointer dereference occurs in error handling and cleanup paths. While this can cause a kernel crash, exploitation requires triggering specific error conditions in XFS scrub/repair operations.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Fix deferred | | |
| Red Hat Enterprise Linux 9 | kernel-rt | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2448710 kernel: xfs: only call xf{array,blob}_destroy if we have a valid pointer

EPSS

Percentile: 6%
0.00023
Low

CVSS3: 5.5 Medium

Related vulnerabilities

ubuntu
10 days ago

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.

nvd
11 days ago

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.

debian
11 days ago

In the Linux kernel, the following vulnerability has been resolved: x ...

github
10 days ago

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.

CVSS3: 5.5
fstec
2 months ago

A vulnerability in the xfarray_destroy() and xfblob_destroy() functions of the Linux operating system kernel that allows an attacker to cause a denial of service