Linux Kernel XFS xfarray/xfblob Null Pointer Destruction
CVE-2026-23251 Published on March 18, 2026
xfs: only call xf{array,blob}_destroy if we have a valid pointer
In the Linux kernel, the following vulnerability has been resolved:
Only call the xfarray and xfblob destructor if we have a valid pointer,
and be sure to null out that pointer afterwards. Note that this patch
fixes a large number of commits, most of which were merged between 6.9
and 6.10.
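A user-space C model of the pattern the commit message describes, added here as an illustration; it is not the kernel patch or XFS code. `scan_ctx`, `buf_create`, `buf_destroy`, `scan_setup`, `scan_teardown` and `run_case` are hypothetical names, and the destructor is assumed not to tolerate a NULL argument.

```c
#include <stdlib.h>
/* User-space model only: every name below is hypothetical, not kernel code. */
struct buf { char *data; };
struct scan_ctx { struct buf *records; struct buf *names; };
static int live_bufs;  /* live objects; a leak or double destroy makes this non-zero */

static struct buf *buf_create(size_t len, int simulate_failure)
{
    struct buf *b = simulate_failure ? NULL : malloc(sizeof(*b));
    if (!b) return NULL;
    b->data = calloc(1, len);
    if (!b->data) { free(b); return NULL; }
    live_bufs++;
    return b;
}

/* Assumption: like the destructors in the fix, this dereferences its argument. */
static void buf_destroy(struct buf *b)
{
    free(b->data);
    free(b);
    live_bufs--;
}

/* The pattern from the commit message: destroy only valid pointers, then null them. */
static void scan_teardown(struct scan_ctx *sc)
{
    if (sc->records) { buf_destroy(sc->records); sc->records = NULL; }
    if (sc->names)   { buf_destroy(sc->names);   sc->names = NULL; }
}

/* Setup that can fail after the first allocation, leaving one pointer NULL. */
static int scan_setup(struct scan_ctx *sc, int fail_second)
{
    sc->records = buf_create(64, 0);
    sc->names = sc->records ? buf_create(64, fail_second) : NULL;
    if (sc->records && sc->names) return 0;
    scan_teardown(sc);  /* partial setup: the guard skips the NULL pointer */
    return -1;
}

/* Runs setup plus two teardowns; returns live object count, or -1 on a stale pointer. */
int run_case(int fail_second)
{
    struct scan_ctx sc = { NULL, NULL };
    (void)scan_setup(&sc, fail_second);
    scan_teardown(&sc);  /* normal exit path */
    scan_teardown(&sc);  /* repeated call is a no-op because pointers were nulled */
    return (sc.records || sc.names) ? -1 : live_bufs;
}
```

Without the guard, the failed-setup path would pass NULL to `buf_destroy`; without the nulling, the second teardown would free the same objects again.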
Affected Versions
Linux:
- Version ab97f4b1c030750f2475bf4da8a9554d02206640 and below 5de5be3ed7e7fa4ebde4f4b58fb9a629644f9202 is affected.
- Version ab97f4b1c030750f2475bf4da8a9554d02206640 and below c9ccefacae0d8091683447bc338bd7741417039d is affected.
- Version ab97f4b1c030750f2475bf4da8a9554d02206640 and below d827612c81a26cc1dd83a211cfcb5ad8765da0c4 is affected.
- Version ab97f4b1c030750f2475bf4da8a9554d02206640 and below ba408d299a3bb3c5309f40c5326e4fb83ead4247 is affected.
- Version 6.10 is affected.
- Versions before 6.10 are unaffected.
- Versions 6.12.75 through 6.12.* are unaffected.
- Versions 6.18.16 through 6.18.* are unaffected.
- Versions 6.19.6 through 6.19.* are unaffected.
- Versions 7.0 and later are unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.