Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.9, < 6.12.72 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217Patch
- https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6Patch
- https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfdPatch
- https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266Patch
FAQ
What is CVE-2026-23223?
CVE-2026-23223 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa....
How severe is CVE-2026-23223?
CVE-2026-23223 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-23223?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.