VDB
CVE-2026-23251
CVE-2026-23251
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.
EPSS 0.02% · 4.5th percentile
Risk Scores
EPSS Score
0.02%
4.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 6.19.6, 0, 6.18.16 |
| linux | linux_kernel | 6.10, 6.10, 6.10 |
Timeline
- Mar 18, 2026 CVE Published
- Mar 19, 2026 EPSS Score
- Mar 20, 2026 EPSS Score
- Mar 21, 2026 EPSS Score
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Coalition ESS Score
- Mar 23, 2026 EPSS Score
- Mar 24, 2026 EPSS Score
- Mar 25, 2026 EPSS Score
- Mar 29, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
References
- https://git.kernel.org/stable/c/5de5be3ed7e7fa4ebde4f4b58fb9a629644f9202 url
- https://git.kernel.org/stable/c/c9ccefacae0d8091683447bc338bd7741417039d url
- https://git.kernel.org/stable/c/d827612c81a26cc1dd83a211cfcb5ad8765da0c4 url
- https://git.kernel.org/stable/c/ba408d299a3bb3c5309f40c5326e4fb83ead4247 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-23251 advisory
- https://lists.debian.org/debian-security-announce/2026/msg00154.html advisory
- https://lists.debian.org/debian-security-announce/2026/msg00148.html advisory