Use-after-free in Linux kernel - CVE-2026-23427
Published: April 6, 2026
Vulnerability identifier: #VU124944
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23427
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to use-after-free in parse_durable_handle_context() when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION. A remote attacker can send a specially crafted replay request to cause a denial of service.
The issue occurs during durable v2 replay of active file handles because an active file handle connection pointer can be overwritten and later dereferenced after the overwriting connection is freed.
How to mitigate CVE-2026-23427
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/568a25fd7bcdfb2790f7d42aa2a440dca4435c96
- https://git.kernel.org/stable/c/9b0792c3eacf01e67f356d6ef9707b0ae5022419
- https://git.kernel.org/stable/c/a5828c14a9e3d5eeed0bcc0a58f0f3fbca0cdcb2
- https://git.kernel.org/stable/c/b0158d9d6f4ec5941e49a0b812735db2844f9975
- https://git.kernel.org/stable/c/b425e4d0eb321a1116ddbf39636333181675d8f4