Skip to main content

Linux CVE-2026-23251

| EUVDEUVD-2026-12856 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-18 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 21, 2026 - 18:37 NVD
5.5 (MEDIUM)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 17:30 euvd
EUVD-2026-12856
Analysis Generated
Mar 18, 2026 - 17:30 vuln.today
CVE Published
Mar 18, 2026 - 17:01 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

xfs: only call xf{array,blob}_destroy if we have a valid pointer

Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.

AnalysisAI

This vulnerability in the Linux kernel's XFS filesystem code involves improper pointer validation in xfarray and xfblob destructor functions, where the destructors can be called with invalid (dangling) pointers if the pointer is not properly nulled after deallocation. The vulnerability affects Linux kernel versions 6.9 through 6.10 and later patch versions, potentially allowing information disclosure or system instability. While no CVSS score or exploitation data is publicly available, the fix was backported across multiple kernel versions (6.12.75, 6.18.16, 6.19.6, 7.0-rc1) indicating recognition of the issue's significance across the kernel maintenance community.

Technical ContextAI

The XFS (eXtended File System) in the Linux kernel (CPE: cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*) includes utilities for managing dynamic arrays and binary large objects through xfarray and xfblob data structures. This vulnerability relates to improper resource cleanup where destructor functions are invoked on pointers that may no longer point to valid memory allocations. The root cause appears to be a missing null-pointer check before invoking destructors, combined with failure to null out pointers after deallocation. This is fundamentally a use-after-free or double-free condition within the XFS subsystem, which can lead to reading or writing invalid memory regions. The vulnerability was introduced across multiple commits merged between kernel versions 6.9 and 6.10, suggesting it may have been part of broader changes to the XFS memory management subsystem.

RemediationAI

Update to a patched Linux kernel version that includes the fixes referenced in the stable commits: c9ccefacae0d8091683447bc338bd7741417039d (primary fix), 5de5be3ed7e7fa4ebde4f4b58fb9a629644f9202, ba408d299a3bb3c5309f40c5326e4fb83ead4247, or d827612c81a26cc1dd83a211cfcb5ad8765da0c4 available at https://git.kernel.org/stable/. For production systems, identify your kernel version (uname -r) and upgrade to the next patched stable release branch (e.g., from 6.10.x to 6.12.75, 6.18.16, 6.19.6 or later). For systems where immediate kernel updates are not feasible, disable XFS as the primary filesystem if alternative filesystems are available, restrict access to XFS-based storage to trusted users, and monitor kernel logs for xfarray or xfblob-related errors. Apply the patches as soon as kernel updates are available from your distribution.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.19.6-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23251 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy