CVE-2026-23226

HIGH

Linux Kernel 6.3-6.18.10 - Use-After-Free in ksmbd_chann_list xarray

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds rw_semaphore chann_lock to struct ksmbd_session and protects all xa_load/xa_store/xa_erase accesses.

References (4)

Core 4

Core References

Vendor Advisory

https://git.kernel.org/stable/c/4c2ca31608521895dd742a43beca4b4d29762345

Patch

https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33

Patch

https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e

Vendor Advisory

https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f716646be6c79a99e485

Scores

CVSS v3 8.8

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (20)

linux/Kernel 6.19.0 - 6.19.1linux

linux/Kernel 6.3.0 - 6.18.11linux

Linux/Linux < 6.3

Linux/Linux 1d9c4172110e645b383ff13eee759728d74f1a5d - 36ef605c0395b94b826a8c8d6f2697071173de6e

Linux/Linux 1d9c4172110e645b383ff13eee759728d74f1a5d - 4c2ca31608521895dd742a43beca4b4d29762345

Linux/Linux 1d9c4172110e645b383ff13eee759728d74f1a5d - 4f3a06cc57976cafa8c6f716646be6c79a99e485

Linux/Linux 1d9c4172110e645b383ff13eee759728d74f1a5d - e4a8a96a93d08570e0405cfd989a8a07e5b6ff33

Linux/Linux 5.15.145 - 5.16

Linux/Linux 6.1.29 - 6.2

Linux/Linux 6.12.77 - 6.12.*

... and 10 more

Published Feb 18, 2026

Tracked Since Feb 18, 2026