CVE-2026-23250 in Linux
Summary
by MITRE • 03/18/2026
In the Linux kernel, the following vulnerability has been resolved:
xfs: check return value of xchk_scrub_create_subord
Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code merged between 6.2 and 6.10.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 05/21/2026
The vulnerability identified as CVE-2026-23250 resides within the Linux kernel's XFS file system implementation, specifically affecting the xchk_scrub_create_subord function. This issue represents a subtle but significant flaw in error handling mechanisms that can potentially lead to system instability or unexpected behavior during file system operations. The vulnerability manifests when the function fails to properly handle memory allocation failures, creating a condition where error codes are not consistently returned or properly checked by calling functions.
The technical root cause of this vulnerability stems from improper error code handling within the XFS scrubbing functionality. The xchk_scrub_create_subord function was designed to create subordinate objects during file system checking operations but contained a flaw in its return value management. Specifically, the function was returning a mangled ENOMEM error code instead of properly returning NULL when memory allocation failed. This inconsistency in error reporting creates a scenario where downstream callers cannot reliably determine whether an operation succeeded or failed, particularly when dealing with memory allocation failures that should result in ENOMEM error codes.
The operational impact of this vulnerability extends beyond simple error handling to potentially affect system stability and resource management during file system scrubbing operations. When the function returns a mangled ENOMEM instead of NULL, it creates confusion in the calling code path where proper null pointer checking is expected. This can lead to unexpected behavior where memory allocation failures are not properly handled, potentially causing memory leaks, resource exhaustion, or system crashes during routine file system operations. The vulnerability is particularly concerning because it affects code that was merged between kernel versions 6.2 and 6.10, meaning systems running these kernel versions could be exposed to this issue during routine XFS file system operations.
The fix implemented for this vulnerability addresses the core issue by modifying the xchk_scrub_create_subord function to properly return NULL when memory allocation fails, while simultaneously updating all callers to properly check for null pointer returns and subsequently return ENOMEM error codes to their own callers. This correction follows established best practices for error handling in kernel space code and aligns with common security principles for preventing information disclosure and system instability. The remediation process involves careful code review and modification of multiple function calls throughout the XFS subsystem, ensuring that all error paths properly handle the transition from allocation failures to appropriate error code propagation.
This vulnerability type relates to CWE-252, which describes "Unchecked Return Value" in software security contexts, and represents a classic example of how improper error handling can create security implications. The issue also maps to ATT&CK technique T1499.001, which covers "Fragging" or resource exhaustion attacks, as the improper handling of memory allocation failures could potentially be exploited to exhaust system resources. The fix demonstrates proper defensive programming practices that should be applied across kernel space code to prevent similar issues in other subsystems, particularly in file system implementations where memory management and error handling are critical for system stability. The vulnerability resolution ensures that XFS file system operations maintain consistent error propagation mechanisms that align with kernel standards and prevent potential exploitation scenarios.