Home

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.

PUBLISHED Reserved 2026-01-13 | Published 2026-02-18 | Updated 2026-02-23 | Assigner Linux

Product status

Default status
unaffected

ec793e690f801d97a7ae2a0d429fea1fee4d44aa (git) before 1d411278dda293a507cb794db7d9ed3511c685c6
affected

ec793e690f801d97a7ae2a0d429fea1fee4d44aa (git) before ed82e7949f5cac3058f4100f3cd670531d41a266
affected

ec793e690f801d97a7ae2a0d429fea1fee4d44aa (git) before ba5264610423d9653aa36920520902d83841bcfd
affected

ec793e690f801d97a7ae2a0d429fea1fee4d44aa (git) before 1c253e11225bc5167217897885b85093e17c2217
affected

Default status
affected

6.9
affected

Any version before 6.9
unaffected

6.12.72 (semver)
unaffected

6.18.11 (semver)
unaffected

6.19.1 (semver)
unaffected

7.0-rc1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/1d411278dda293a507cb794db7d9ed3511c685c6

git.kernel.org/...c/ed82e7949f5cac3058f4100f3cd670531d41a266

git.kernel.org/...c/ba5264610423d9653aa36920520902d83841bcfd

git.kernel.org/...c/1c253e11225bc5167217897885b85093e17c2217

cve.org (CVE-2026-23223)

nvd.nist.gov (CVE-2026-23223)

Download JSON