FKIE_CVE-2026-23223

Vulnerability from fkie_nvd - Published: 2026-02-18 16:22 - Updated: 2026-02-23 04:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix UAF in xchk_btree_check_block_owner\n\nWe cannot dereference bs-\u003ecur when trying to determine if bs-\u003ecur\naliases bs-\u003esc-\u003esa.{bno,rmap}_cur after the latter has been freed.\nFix this by sampling before type before any freeing could happen.\nThe correct temporal ordering was broken when we removed xfs_btnum_t."
    },
    {
      "lang": "es",
      "value": "Se ha resuelto la siguiente vulnerabilidad en el kernel de Linux:\n\nxfs: se corrige UAF en xchk_btree_check_block_owner\n\nNo podemos desreferenciar bs-\u0026gt;cur al intentar determinar si bs-\u0026gt;cur es un alias de bs-\u0026gt;sc-\u0026gt;sa.{bno,rmap}_cur despu\u00e9s de que este \u00faltimo haya sido liberado. Esto se soluciona muestreando el tipo antes de que pudiera ocurrir cualquier liberaci\u00f3n. El orden temporal correcto se rompi\u00f3 cuando eliminamos xfs_btnum_t."
    }
  ],
  "id": "CVE-2026-23223",
  "lastModified": "2026-02-23T04:16:00.787",
  "metrics": {},
  "published": "2026-02-18T16:22:32.037",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.