CVE-2026-23043
NULL Pointer Dereference in Linux Kernel btrfs Component
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | btrfs | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference issue in the Linux kernel's btrfs filesystem code, specifically in the function do_abort_log_replay().
When the function btrfs_alloc_path() fails during replay_one_buffer(), a pointer wc->subvol_path becomes NULL. However, do_abort_log_replay() calls this pointer without checking if it is NULL, leading to a NULL pointer dereference when trying to print debug information.
The fix involves adding a NULL check before dereferencing wc->subvol_path to prevent this issue.
How can this vulnerability impact me? :
A NULL pointer dereference in kernel code can cause the affected system to crash or become unstable, potentially leading to a denial of service.
Since this occurs in the btrfs filesystem code, it could impact systems using btrfs by causing kernel panics or system crashes when the vulnerable code path is triggered.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know