CVE-2026-23226

HIGH EPSS 33.9%
Published Feb 18, 20264mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
High
Find Similar
Published Feb 18, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds rw_semaphore chann_lock to struct ksmbd_session and protects all xa_load/xa_store/xa_erase accesses.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
33.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 2

VendorProductVersionRange
linuxlinux_kernel*≥6.3  –  <6.18.11
linuxlinux_kernel*≥6.19  –  <6.19.1

References 4

  • git.kernel.org https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4c2ca31608521895dd742a43beca4b4d29762345
  • git.kernel.org https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f716646be6c79a99e485
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f716646be6c79a99e485
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33
    Patch