{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-23249", "tracking": { "current_release_date": "2026-03-30T15:26:06.841838Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-23249", "initial_release_date": "2026-03-18T17:38:35.993413Z", "revision_history": [ { "date": "2026-03-18T17:38:35.993413Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| Products created (4).| Products connected (6).| References created (4)." }, { "date": "2026-03-18T17:38:42.724599Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-03-18T18:26:10.722448Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (4)." }, { "date": "2026-03-19T00:28:38.933916Z", "number": "4", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (13).| Product Identifiers created (5).| References created (3).| Vendor_assessment created." }, { "date": "2026-03-19T00:28:50.344664Z", "number": "5", "summary": "NCSC Score updated." }, { "date": "2026-03-19T00:43:38.895516Z", "number": "6", "summary": "Source created.| CVE status created. (valid)| Products connected (2)." }, { "date": "2026-03-19T06:44:21.883638Z", "number": "7", "summary": "Description created for source." }, { "date": "2026-03-19T12:05:42.737344Z", "number": "8", "summary": "Source connected.| CVE status created. (valid)| Products connected (1).| References created (28)." }, { "date": "2026-03-19T12:05:45.577511Z", "number": "9", "summary": "NCSC Score updated." }, { "date": "2026-03-19T20:48:44.295387Z", "number": "10", "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (4)." }, { "date": "2026-03-19T20:48:47.560649Z", "number": "11", "summary": "NCSC Score updated." }, { "date": "2026-03-20T09:55:40.691838Z", "number": "12", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-20T09:55:44.528222Z", "number": "13", "summary": "NCSC Score updated." }, { "date": "2026-03-25T01:06:45.477269Z", "number": "14", "summary": "Products connected (1).| References created (2)." }, { "date": "2026-03-25T01:06:47.556735Z", "number": "15", "summary": "NCSC Score updated." }, { "date": "2026-03-25T10:07:18.559787Z", "number": "16", "summary": "References created (1)." }, { "date": "2026-03-25T10:07:22.783963Z", "number": "17", "summary": "NCSC Score updated." }, { "date": "2026-03-26T08:05:39.993425Z", "number": "18", "summary": "References created (2)." }, { "date": "2026-03-27T09:06:38.629387Z", "number": "19", "summary": "Products connected (1).| References created (4)." }, { "date": "2026-03-27T09:06:40.784625Z", "number": "20", "summary": "NCSC Score updated." }, { "date": "2026-03-30T13:30:56.159684Z", "number": "21", "summary": "Products connected (1).| References created (2)." }, { "date": "2026-03-30T13:31:10.864120Z", "number": "22", "summary": "NCSC Score updated." } ], "status": "interim", "version": "22" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/unknown", "product": { "name": "vers:unknown/unknown", "product_id": "CSAFPID-1363258", "product_identification_helper": { "cpe": "cpe:/a:google:cloud_platform:-" } } } ], "category": "product_name", "name": "Google Cloud Platform" } ], "category": "vendor", "name": "Google" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/unknown", "product": { "name": "vers:unknown/unknown", "product_id": "CSAFPID-1337880", "product_identification_helper": { "cpe": "cpe:/o:igel:os:-" } } } ], "category": "product_name", "name": "IGEL OS" } ], "category": "vendor", "name": "IGEL" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:git/dbfbf3bdf639a20da7d5fb390cd2e197d25aa418|<55e03b8cbe2783ec9acfb88e8adb946ed504e117", "product": { "name": "vers:git/dbfbf3bdf639a20da7d5fb390cd2e197d25aa418|<55e03b8cbe2783ec9acfb88e8adb946ed504e117", "product_id": "CSAFPID-5844607" } }, { "category": "product_version_range", "name": "vers:git/dbfbf3bdf639a20da7d5fb390cd2e197d25aa418|<5991e96f2ae82df60a3e4ed00f3432d9f3502a99", "product": { "name": "vers:git/dbfbf3bdf639a20da7d5fb390cd2e197d25aa418|<5991e96f2ae82df60a3e4ed00f3432d9f3502a99", "product_id": "CSAFPID-5844606" } }, { "category": "product_version_range", "name": "vers:git/dbfbf3bdf639a20da7d5fb390cd2e197d25aa418|\n xfs_ioc_scrubv_metadata() ->\n xfs_scrub_metadata() ->\n `sc->ops->repair_eval(sc)` ->\n xrep_revalidate_allocbt()\n\n xchk_allocbt() is called twice in this function. In the first call:\n\n /* Note that sc->sm->sm_type is XFS_SCRUB_TYPE_BNOPT now */\n xchk_allocbt() ->\n xchk_btree() ->\n `bs->scrub_rec(bs, recp)` ->\n xchk_allocbt_rec() ->\n xchk_allocbt_xref() ->\n xchk_allocbt_xref_other()\n\n since sm_type is XFS_SCRUB_TYPE_BNOBT, pur is set to &sc->sa.cnt_cur.\n Kernel called xfs_alloc_get_rec() and returned -EFSCORRUPTED. Call\n chain:\n\n xfs_alloc_get_rec() ->\n xfs_btree_get_rec() ->\n xfs_btree_check_block() ->\n (XFS_IS_CORRUPT || XFS_TEST_ERROR), the former is false and the latter\n is true, return -EFSCORRUPTED. This should be caused by\n ioctl$XFS_IOC_ERROR_INJECTION I guess.\n\n Back to xchk_allocbt_xref_other(), after receiving -EFSCORRUPTED from\n xfs_alloc_get_rec(), kernel called xchk_should_check_xref(). In this\n function, *curpp (points to sc->sa.cnt_cur) is nullified.\n\n Back to xrep_revalidate_allocbt(), since sc->sa.cnt_cur has been\n nullified, it then triggered null-ptr-deref via xchk_allocbt() (second\n call) -> xchk_btree().\n\nSo. The bnobt revalidation failed on a cross-reference attempt, so we\ndeleted the cntbt cursor, and then crashed when we tried to revalidate\nthe cntbt. Therefore, check for a null cntbt cursor before that\nrevalidation, and mark the repair incomplete. Also we can ignore the\nsecond tree entirely if the first tree was rebuilt but is already\ncorrupt.\n\nApply the same fix to xrep_revalidate_iallocbt because it has the same\nproblem.", "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-23249" }, { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: check for deleted cursors when revalidating two btrees\n\nThe free space and inode btree repair functions will rebuild both btrees\nat the same time, after which it needs to evaluate both btrees to\nconfirm that the corruptions are gone.\n\nHowever, Jiaming Zhang ran syzbot and produced a crash in the second\nxchk_allocbt call. His root-cause analysis is as follows (with minor\ncorrections):\n\n In xrep_revalidate_allocbt(), xchk_allocbt() is called twice (first\n for BNOBT, second for CNTBT). The cause of this issue is that the\n first call nullified the cursor required by the second call.\n\n Let's first enter xrep_revalidate_allocbt() via following call chain:\n\n xfs_file_ioctl() ->\n xfs_ioc_scrubv_metadata() ->\n xfs_scrub_metadata() ->\n `sc->ops->repair_eval(sc)` ->\n xrep_revalidate_allocbt()\n\n xchk_allocbt() is called twice in this function. In the first call:\n\n /* Note that sc->sm->sm_type is XFS_SCRUB_TYPE_BNOPT now */\n xchk_allocbt() ->\n xchk_btree() ->\n `bs->scrub_rec(bs, recp)` ->\n xchk_allocbt_rec() ->\n xchk_allocbt_xref() ->\n xchk_allocbt_xref_other()\n\n since sm_type is XFS_SCRUB_TYPE_BNOBT, pur is set to &sc->sa.cnt_cur.\n Kernel called xfs_alloc_get_rec() and returned -EFSCORRUPTED. Call\n chain:\n\n xfs_alloc_get_rec() ->\n xfs_btree_get_rec() ->\n xfs_btree_check_block() ->\n (XFS_IS_CORRUPT || XFS_TEST_ERROR), the former is false and the latter\n is true, return -EFSCORRUPTED. This should be caused by\n ioctl$XFS_IOC_ERROR_INJECTION I guess.\n\n Back to xchk_allocbt_xref_other(), after receiving -EFSCORRUPTED from\n xfs_alloc_get_rec(), kernel called xchk_should_check_xref(). In this\n function, *curpp (points to sc->sa.cnt_cur) is nullified.\n\n Back to xrep_revalidate_allocbt(), since sc->sa.cnt_cur has been\n nullified, it then triggered null-ptr-deref via xchk_allocbt() (second\n call) -> xchk_btree().\n\nSo. The bnobt revalidation failed on a cross-reference attempt, so we\ndeleted the cntbt cursor, and then crashed when we tried to revalidate\nthe cntbt. Therefore, check for a null cntbt cursor before that\nrevalidation, and mark the repair incomplete. Also we can ignore the\nsecond tree entirely if the first tree was rebuilt but is already\ncorrupt.\n\nApply the same fix to xrep_revalidate_iallocbt because it has the same\nproblem.", "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-23249" }, { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions are gone. However, Jiaming Zhang ran syzbot and produced a crash in the second xchk_allocbt call. His root-cause analysis is as follows (with minor corrections): In xrep_revalidate_allocbt(), xchk_allocbt() is called twice (first for BNOBT, second for CNTBT). The cause of this issue is that the first call nullified the cursor required by the second call. Let's first enter xrep_revalidate_allocbt() via following call chain: xfs_file_ioctl() -> xfs_ioc_scrubv_metadata() -> xfs_scrub_metadata() -> `sc->ops->repair_eval(sc)` -> xrep_revalidate_allocbt() xchk_allocbt() is called twice in this function. In the first call: /* Note that sc->sm->sm_type is XFS_SCRUB_TYPE_BNOPT now */ xchk_allocbt() -> xchk_btree() -> `bs->scrub_rec(bs, recp)` -> xchk_allocbt_rec() -> xchk_allocbt_xref() -> xchk_allocbt_xref_other() since sm_type is XFS_SCRUB_TYPE_BNOBT, pur is set to &sc->sa.cnt_cur. Kernel called xfs_alloc_get_rec() and returned -EFSCORRUPTED. Call chain: xfs_alloc_get_rec() -> xfs_btree_get_rec() -> xfs_btree_check_block() -> (XFS_IS_CORRUPT || XFS_TEST_ERROR), the former is false and the latter is true, return -EFSCORRUPTED. This should be caused by ioctl$XFS_IOC_ERROR_INJECTION I guess. Back to xchk_allocbt_xref_other(), after receiving -EFSCORRUPTED from xfs_alloc_get_rec(), kernel called xchk_should_check_xref(). In this function, *curpp (points to sc->sa.cnt_cur) is nullified. Back to xrep_revalidate_allocbt(), since sc->sa.cnt_cur has been nullified, it then triggered null-ptr-deref via xchk_allocbt() (second call) -> xchk_btree(). So. The bnobt revalidation failed on a cross-reference attempt, so we deleted the cntbt cursor, and then crashed when we tried to revalidate the cntbt. Therefore, check for a null cntbt cursor before that revalidation, and mark the repair incomplete. Also we can ignore the second tree entirely if the first tree was rebuilt but is already corrupt. Apply the same fix to xrep_revalidate_iallocbt because it has the same problem.", "title": "debian - https://security-tracker.debian.org/tracker/CVE-2026-23249" }, { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: check for deleted cursors when revalidating two btrees\n\nThe free space and inode btree repair functions will rebuild both btrees\nat the same time, after which it needs to evaluate both btrees to\nconfirm that the corruptions are gone.\n\nHowever, Jiaming Zhang ran syzbot and produced a crash in the second\nxchk_allocbt call. His root-cause analysis is as follows (with minor\ncorrections):\n\n In xrep_revalidate_allocbt(), xchk_allocbt() is called twice (first\n for BNOBT, second for CNTBT). The cause of this issue is that the\n first call nullified the cursor required by the second call.\n\n Let's first enter xrep_revalidate_allocbt() via following call chain:\n\n xfs_file_ioctl() ->\n xfs_ioc_scrubv_metadata() ->\n xfs_scrub_metadata() ->\n `sc->ops->repair_eval(sc)` ->\n xrep_revalidate_allocbt()\n\n xchk_allocbt() is called twice in this function. In the first call:\n\n /* Note that sc->sm->sm_type is XFS_SCRUB_TYPE_BNOPT now */\n xchk_allocbt() ->\n xchk_btree() ->\n `bs->scrub_rec(bs, recp)` ->\n xchk_allocbt_rec() ->\n xchk_allocbt_xref() ->\n xchk_allocbt_xref_other()\n\n since sm_type is XFS_SCRUB_TYPE_BNOBT, pur is set to &sc->sa.cnt_cur.\n Kernel called xfs_alloc_get_rec() and returned -EFSCORRUPTED. Call\n chain:\n\n xfs_alloc_get_rec() ->\n xfs_btree_get_rec() ->\n xfs_btree_check_block() ->\n (XFS_IS_CORRUPT || XFS_TEST_ERROR), the former is false and the latter\n is true, return -EFSCORRUPTED. This should be caused by\n ioctl$XFS_IOC_ERROR_INJECTION I guess.\n\n Back to xchk_allocbt_xref_other(), after receiving -EFSCORRUPTED from\n xfs_alloc_get_rec(), kernel called xchk_should_check_xref(). In this\n function, *curpp (points to sc->sa.cnt_cur) is nullified.\n\n Back to xrep_revalidate_allocbt(), since sc->sa.cnt_cur has been\n nullified, it then triggered null-ptr-deref via xchk_allocbt() (second\n call) -> xchk_btree().\n\nSo. The bnobt revalidation failed on a cross-reference attempt, so we\ndeleted the cntbt cursor, and then crashed when we tried to revalidate\nthe cntbt. Therefore, check for a null cntbt cursor before that\nrevalidation, and mark the repair incomplete. Also we can ignore the\nsecond tree entirely if the first tree was rebuilt but is already\ncorrupt.\n\nApply the same fix to xrep_revalidate_iallocbt because it has the same\nproblem.", "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-23249" }, { "category": "other", "text": "0.00018", "title": "EPSS" }, { "category": "other", "text": "4.2", "title": "NCSC Score" }, { "category": "other", "text": "Is related to a product by vendor Suse", "title": "NCSC Score top increasing factors" }, { "category": "other", "text": "Is related to (a version of) an uncommon product, The value of the most recent EPSS score, Is related to a product by vendor Linux, Is related to a product by vendor Open Source", "title": "NCSC Score top decreasing factors" }, { "category": "details", "text": "Severity: 2\n", "title": "Vendor assessment" } ], "product_status": { "known_affected": [ "CSAFPID-1287321", "CSAFPID-5844604", "CSAFPID-5844605", "CSAFPID-5844606", "CSAFPID-5844607", "CSAFPID-1439319", "CSAFPID-1453381", "CSAFPID-1453382", "CSAFPID-2858634", "CSAFPID-2858635", "CSAFPID-1330297", "CSAFPID-1317174", "CSAFPID-1337880", "CSAFPID-1363258" ], "known_not_affected": [ "CSAFPID-1287322", "CSAFPID-5669083", "CSAFPID-5758112", "CSAFPID-5776391", "CSAFPID-5776392", "CSAFPID-1439315", "CSAFPID-1439317", "CSAFPID-1439321", "CSAFPID-1453376", "CSAFPID-1453377", "CSAFPID-1453378", "CSAFPID-1453379", "CSAFPID-1453380", "CSAFPID-2036022", "CSAFPID-2036023" ] }, "references": [ { "category": "external", "summary": "Source - cveprojectv5", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23249" }, { "category": "external", "summary": "Source raw - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/23xxx/CVE-2026-23249.json" }, { "category": "external", "summary": "Source - nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23249" }, { "category": "external", "summary": "Source raw - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-23249" }, { "category": "external", "summary": "Source - redhat", "url": "https://access.redhat.com/security/cve/CVE-2026-23249" }, { "category": "external", "summary": "Source raw - redhat", "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23249.json" }, { "category": "external", "summary": "Source - debian", "url": "https://security-tracker.debian.org/tracker/CVE-2026-23249" }, { "category": "external", "summary": "Source - certbundde", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0790.json" }, { "category": "external", "summary": "Source - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-23249" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd", "url": "https://git.kernel.org/stable/c/d69de525bc7ab27713342080bf50826df3f6a68f" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd", "url": "https://git.kernel.org/stable/c/b04baa848c0543b240b1bd8aecff470382f6f154" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd", "url": "https://git.kernel.org/stable/c/5991e96f2ae82df60a3e4ed00f3432d9f3502a99" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd", "url": "https://git.kernel.org/stable/c/55e03b8cbe2783ec9acfb88e8adb946ed504e117" }, { "category": "external", "summary": "Reference - redhat", "url": "https://www.cve.org/CVERecord?id=CVE-2026-23249" }, { "category": "external", "summary": "Reference - redhat", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23249" }, { "category": "external", "summary": "Reference - redhat", "url": "https://lore.kernel.org/linux-cve-announce/2026031843-CVE-2026-23249-c309@gregkh/T" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0790.json" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0790" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031814-CVE-2025-71268-057a@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71269-b47d@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031816-CVE-2025-71270-19ac@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031843-CVE-2026-23249-c309@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23250-271e@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031845-CVE-2026-23251-259a@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23252-6bef@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23253-b1c6@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23254-6387@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031817-CVE-2026-23255-fc51@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23256-b93b@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23257-bd18@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031818-CVE-2026-23258-d181@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23259-5bd7@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23260-6464@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031819-CVE-2026-23261-f757@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23262-a421@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23263-5c88@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031820-CVE-2026-23264-fe5b@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23265-6d01@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031853-CVE-2026-23266-b57b@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031811-CVE-2026-23267-ff55@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23268-6be3@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031846-CVE-2026-23269-2bf7@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lore.kernel.org/linux-cve-announce/2026031847-CVE-2026-23270-cb9a@gregkh/" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024805.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024803.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024841.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024925.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024928.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024954.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024956.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024953.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://kb.igel.com/en/security-safety/current/isn-2026-07-apparmor-vulnerabilities" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025031.html" }, { "category": "external", "summary": "Reference - certbundde", "url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-015" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.0, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1287321", "CSAFPID-1317174", "CSAFPID-1330297", "CSAFPID-1337880", "CSAFPID-1363258", "CSAFPID-1439319", "CSAFPID-1453381", "CSAFPID-1453382", "CSAFPID-2858634", "CSAFPID-2858635", "CSAFPID-5844604", "CSAFPID-5844605", "CSAFPID-5844606", "CSAFPID-5844607" ] } ], "title": "CVE-2026-23249" } ] }