Bug 2448712 (CVE-2026-23250)

Summary: CVE-2026-23250 kernel: xfs: check return value of xchk_scrub_create_subord
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A NULL pointer dereference vulnerability was found in the Linux kernel's XFS filesystem scrub code. The xchk_scrub_create_subord() function returns a mangled ENOMEM error code instead of NULL on memory allocation failure. Callers do not properly check for null pointers before using the returned value, leading to NULL pointer dereferences when memory allocation fails during scrub operations.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-03-18 18:04:09 UTC 
In the Linux kernel, the following vulnerability has been resolved:

xfs: check return value of xchk_scrub_create_subord

Fix this function to return NULL instead of a mangled ENOMEM, then fix
the callers to actually check for a null pointer and return ENOMEM.
Most of the corrections here are for code merged between 6.2 and 6.10.
Comment 1 Jon Moroney 2026-03-18 18:56:13 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23250-271e@gregkh/T