CVE-2026-23223 is a use-after-free vulnerability in the XFS filesystem's B-tree checking path, specifically in the xfs_scrub and online fsck code. The bug, caused by a one-line mistake where a cursor is dereferenced after being freed, has been fixed upstream and is being rolled into stable kernels and Linux distribution updates. This vulnerability affects systems running XFS, administrators relying on xfs_scrub, and vendors shipping kernel artifacts. The tag covers discussions about the technical details of the flaw, its impact on enterprise and server environments, and the patching process across various Linux distributions.
-
A one-line mistake in XFS scrub code has produced a classic memory-safety problem with outsized operational impact: a use-after-free (UAF) in the XFS filesystem’s B-tree checking path, tracked as CVE-2026-23223, has been fixed upstream and is now being rolled into stable kernels and Linux...