CVE-2026-23223

High CVSS: 7.8

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix UAF in xchk_btree_check_block_owner

We cannot dereference bs->cur when trying to determine if bs->cur
aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed.
Fix this by sampling before type before any freeing could happen.
The correct temporal ordering was broken when we removed xfs_btnum_t.

Vendor

Linux

Product

Linux Kernel

CWE

CWE-416

Yayın Tarihi

2026-02-18 16:22:32

Güncelleme

2026-03-18 14:46:29

Source Identifier

416baaa9-dc9f-4396-8d5f-8c081fb06d67

KEV Date Added

Kategoriler

CWE-416 Linux Kernel HIGH Linux 2026

Referanslar

https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217 https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6 https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266

Benzer Kayıtlar

Medium

CVE-2026-23238

In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs…

Medium

CVE-2026-23237

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL po…

High

CVE-2026-23236

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: properly copy ioctl memory to kerne…

High

CVE-2026-23235

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute r…

High

CVE-2026-23234

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As s…

High

CVE-2026-23233

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for…