CVE-2026-23043NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 92.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in do_abort_log_replay(). When btrfs_alloc_path() fails in replay_one_buffer(), wc->subvol_path is NULL, but btrfs_abort_log_replay() calls do_abort_log_replay() which unconditionally dereferences wc->subvol_path when attempting to print debug information. Fix this by adding a NULL check before derefere

Affected Packages4 packages

Linuxlinux/linux_kernel6.18.06.18.6
Debianlinux/linux_kernel< 6.18.8-1
CVEListV5linux/linux2753e49176240f21e4bb10e03514f99e732704bb6d1b61b8e1e44888c643d89225ab819b10649b2e+2
debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

3
GHSA
GHSA-79jf-89ph-wp26: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a2026-02-04
OSV
btrfs: fix NULL pointer dereference in do_abort_log_replay()2026-02-04
OSV
CVE-2026-23043: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a N2026-02-04

📋Vendor Advisories

2
Red Hat
kernel: btrfs: fix NULL pointer dereference in do_abort_log_replay()2026-02-04
Debian
CVE-2026-23043: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23043 Impact, Exploitability, and Mitigation Steps | Wiz