{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: xfs: check return value of xchk_scrub_create_subord",
    "id" : "2448712",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2448712"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-253",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nxfs: check return value of xchk_scrub_create_subord\nFix this function to return NULL instead of a mangled ENOMEM, then fix\nthe callers to actually check for a null pointer and return ENOMEM.\nMost of the corrections here are for code merged between 6.2 and 6.10.", "A NULL pointer dereference vulnerability was found in the Linux kernel's XFS filesystem scrub code. The xchk_scrub_create_subord() function returns a mangled ENOMEM error code instead of NULL on memory allocation failure. Callers do not properly check for null pointers before using the returned value, leading to NULL pointer dereferences when memory allocation fails during scrub operations." ],
  "statement" : "This flaw affects XFS filesystems using the online scrub functionality (xfs_scrub). The issue exists in code merged between kernel versions 6.2 and 6.10. Triggering this vulnerability requires invoking XFS scrub operations while the system is under memory pressure, causing allocation failures. The scrub functionality requires privileged access to execute.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23250\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23250\nhttps://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23250-271e@gregkh/T" ],
  "name" : "CVE-2026-23250",
  "csaw" : false
}