CVE-2026-23251NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference8 documents7 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 18

Description

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.

Affected Packages3 packages

Linuxlinux/linux_kernel6.10.06.12.75+2
Debianlinux/linux_kernel< 6.19.6-1
CVEListV5linux/linuxab97f4b1c030750f2475bf4da8a9554d022066405de5be3ed7e7fa4ebde4f4b58fb9a629644f9202+4

🔴Vulnerability Details

4
OSV
CVE-2026-23251: In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfa2026-03-18
CVEList
xfs: only call xf{array,blob}_destroy if we have a valid pointer2026-03-18
GHSA
GHSA-h6jp-94m7-xf6p: In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the x2026-03-18
OSV
xfs: only call xf{array,blob}_destroy if we have a valid pointer2026-03-18

📋Vendor Advisories

2
Red Hat
kernel: xfs: only call xf{array,blob}_destroy if we have a valid pointer2026-03-18
Debian
CVE-2026-23251: linux - In the Linux kernel, the following vulnerability has been resolved: xfs: only c...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23251 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23251 — NULL Pointer Dereference in Linux | cvebase