{"id":"CVE-2026-23223","summary":"xfs: fix UAF in xchk_btree_check_block_owner","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix UAF in xchk_btree_check_block_owner\n\nWe cannot dereference bs-\u003ecur when trying to determine if bs-\u003ecur\naliases bs-\u003esc-\u003esa.{bno,rmap}_cur after the latter has been freed.\nFix this by sampling before type before any freeing could happen.\nThe correct temporal ordering was broken when we removed xfs_btnum_t.","modified":"2026-04-02T17:29:55.097982Z","published":"2026-02-18T14:53:26.603Z","related":["SUSE-SU-2026:20838-1","SUSE-SU-2026:20931-1","openSUSE-SU-2026:10387-1","openSUSE-SU-2026:20416-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23223.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23223.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23223"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"ec793e690f801d97a7ae2a0d429fea1fee4d44aa"},{"fixed":"1d411278dda293a507cb794db7d9ed3511c685c6"},{"fixed":"ed82e7949f5cac3058f4100f3cd670531d41a266"},{"fixed":"ba5264610423d9653aa36920520902d83841bcfd"},{"fixed":"1c253e11225bc5167217897885b85093e17c2217"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23223.json"}}],"schema_version":"1.7.5"}