CVE-2026-23223

Summary

In the Linux kernel, the following vulnerability has been resolved:

xfs: fix UAF in xchk_btree_check_block_owner

We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxec793e690f801d97a7ae2a0d429fea1fee4d44aa < 1d411278dda293a507cb794db7d9ed3511c685c6affected
LinuxLinuxec793e690f801d97a7ae2a0d429fea1fee4d44aa < ed82e7949f5cac3058f4100f3cd670531d41a266affected
LinuxLinuxec793e690f801d97a7ae2a0d429fea1fee4d44aa < ba5264610423d9653aa36920520902d83841bcfdaffected
LinuxLinuxec793e690f801d97a7ae2a0d429fea1fee4d44aa < 1c253e11225bc5167217897885b85093e17c2217affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.12.72 <= 6.12.*unaffected
LinuxLinux6.18.11 <= 6.18.*unaffected
LinuxLinux6.19.1 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References