SB2026032077 - Use After Free in Linux kernel io_uring

Description

This security bulletin contains information about 1 security vulnerability.

1) Use After Free (CVE-ID: CVE-2026-23275)

The vulnerability allows a local user to execute arbitrary code or escalate privileges.

The vulnerability exists due to a use-after-free in io_uring component when handling task work flags manipulation during ring resizing. A local user can exploit this by triggering specific io_uring operations that manipulate task work flags while ring resizing occurs, leading to access to previously freed memory.

The vulnerability specifically affects configurations using DEFER_TASKRUN mode, which supports ring resizing. Exploitation requires the ability to create and manipulate io_uring rings, typically available to unprivileged users in modern Linux distributions.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/46dc07d5f31411cc023f3bf1f4a23a07bf6e0ed1
• https://git.kernel.org/stable/c/7cc4530b3e952d4a5947e1e55d06620d8845d4f5
• https://git.kernel.org/stable/c/96189080265e6bb5dde3a4afbaf947af493e3f82