SB20260325138 - Use After Free in Linux kernel bpf
Published: March 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use After Free (CVE-ID: CVE-2026-23319)
The vulnerability allows a local user to execute arbitrary code or escalate privileges.
The vulnerability exists due to a use-after-free in the bpf_trampoline_link_cgroup_shim component when handling BPF trampoline link operations. A local user can trigger a race condition to exploit a dangling reference in the cgroup shim trampoline program list and achieve arbitrary code execution or privilege escalation.
The issue arises because the reference count is reduced to zero and the resource is released before all references are fully cleaned up, creating a window where an already-freed resource can be accessed.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/3eeddb80191f7626ec1ef742bfff51ec3b0fa5c2
- https://git.kernel.org/stable/c/4e8a0005d633a4adc98e3b65d5080f93b90d356b
- https://git.kernel.org/stable/c/529e685e522b9d7fb379dbe6929dcdf520e34c8c
- https://git.kernel.org/stable/c/56145d237385ca0e7ca9ff7b226aaf2eb8ef368b
- https://git.kernel.org/stable/c/9b02c5c4147f8af8ed783c8deb5df927a55c3951
- https://git.kernel.org/stable/c/cfcfa0ca0212162aa472551266038e8fd6768cff