SB20260320114 - Use After Free in Linux kernel events

Description

This security bulletin contains information about 1 security vulnerability.

1) Use After Free (CVE-ID: CVE-2026-23248)

The vulnerability allows a local user to execute arbitrary code or escalate privileges.

The vulnerability exists due to a use-after-free in the perf_mmap component when handling concurrent mmap() operations on dependent events. A local user can trigger a race condition during failing mmap() setup to execute arbitrary code or escalate privileges.

The vulnerability specifically involves improper synchronization in the ring buffer reference counting mechanism, where dropping the mmap_mutex before map_range() allows a concurrent thread to access a partially initialized or freed ring buffer. Exploitation requires concurrent access to perf events, such as through inherited events or output redirection, and may require low-privileged local access.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/77de62ad3de3967818c3dbe656b7336ebee461d2
• https://git.kernel.org/stable/c/ac7ecb65af170a7fc193e7bd8be15dac84ec6a56
• https://git.kernel.org/stable/c/c27dea9f50ed525facb62ef647dddc4722456e07