DEBIAN-CVE-2026-23251

DEBIAN-CVE-2026-23251 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of commits, most of which were merged between 6.9 and 6.10.

Affected Products

Vendor	Product	Versions
Debian:14	linux	0, 6.12.38-1, 6.12.41-1
Debian:13	linux	6.12.41-1, 6.12.43-1, 6.12.48-1

Timeline

Mar 18, 2026 CVE Published
Apr 30, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2026-23251 advisory

Open in Interactive Console →