CVE-2026-23223
Published: 18 February 2026
Summary
CVE-2026-23223 is a high-severity Use After Free (CWE-416) vulnerability in Linux Linux Kernel. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-23223 is a use-after-free (UAF) vulnerability in the Linux kernel's XFS filesystem, specifically within the xchk_btree_check_block_owner function. The issue arises from dereferencing bs->cur after bs->sc->sa.{bno,rmap}_cur has been freed, violating correct temporal ordering that was disrupted by the removal of xfs_btnum_t. This flaw, classified under CWE-416, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-02-18.
A local attacker with low privileges can exploit this vulnerability without user interaction and with low complexity. Successful exploitation allows arbitrary code execution or system compromise, potentially leading to high impacts on confidentiality, integrity, and availability, such as data corruption, privilege escalation, or kernel crashes.
Mitigation is available through upstream patches merged into stable Linux kernel branches, as documented in the following kernel git commits: https://git.kernel.org/stable/c/1c253e11225bc5167217897885b85093e17c2217, https://git.kernel.org/stable/c/1d411278dda293a507cb794db7d9ed3511c685c6, https://git.kernel.org/stable/c/ba5264610423d9653aa36920520902d83841bcfd, and https://git.kernel.org/stable/c/ed82e7949f5cac3058f4100f3cd670531d41a266. Security practitioners should ensure systems with XFS are updated to kernels incorporating these fixes.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7678
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before…
more
any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel UAF in XFS enables direct privilege escalation via arbitrary code execution in kernel context.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires identification, reporting, and timely correction of system flaws, directly mitigating this UAF vulnerability via upstream kernel patches.
Implements memory protection mechanisms such as address randomization and non-executable memory to prevent exploitation of use-after-free errors in XFS kernel code.
Vulnerability scanning detects the presence of this specific kernel UAF flaw in deployed systems for remediation.