Use After Free in Linux kernel - CVE-2026-23319
Published: March 25, 2026
Vulnerability identifier: #VU124530
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23319
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code or escalate privileges.
The vulnerability exists due to a use-after-free in the bpf_trampoline_link_cgroup_shim component when handling BPF trampoline link operations. A local user can trigger a race condition to exploit a dangling reference in the cgroup shim trampoline program list and achieve arbitrary code execution or privilege escalation.
The issue arises because the reference count is reduced to zero and the resource is released before all references are fully cleaned up, creating a window where an already-freed resource can be accessed.
How to mitigate CVE-2026-23319
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/3eeddb80191f7626ec1ef742bfff51ec3b0fa5c2
- https://git.kernel.org/stable/c/4e8a0005d633a4adc98e3b65d5080f93b90d356b
- https://git.kernel.org/stable/c/529e685e522b9d7fb379dbe6929dcdf520e34c8c
- https://git.kernel.org/stable/c/56145d237385ca0e7ca9ff7b226aaf2eb8ef368b
- https://git.kernel.org/stable/c/9b02c5c4147f8af8ed783c8deb5df927a55c3951
- https://git.kernel.org/stable/c/cfcfa0ca0212162aa472551266038e8fd6768cff