CVE-2026-23344

HIGH

Linux - Use After Free

Title source: rule

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released. Move the pr_err() call before kfree(t) to access the fields while the memory is still valid. This issue reported by Smatch static analyser

References (2)

https://git.kernel.org/stable/c/79a26fe3175b9ed7c0c9541b197cb9786237c0f7

https://git.kernel.org/stable/c/889b0e2721e793eb46cf7d17b965aa3252af3ec8

Scores

CVSS v3 7.8

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (11)

linux/Kernel 6.19.0 - 6.19.7linux

Linux/Linux < 6.19

Linux/Linux 4be423572da1f4c11f45168e3fafda870ddac9f8 - 79a26fe3175b9ed7c0c9541b197cb9786237c0f7

Linux/Linux 4be423572da1f4c11f45168e3fafda870ddac9f8 - 889b0e2721e793eb46cf7d17b965aa3252af3ec8

Linux/Linux 6.19

Linux/Linux 6.19.7 - 6.19.*

Linux/Linux 7.0

Linux/Linux 7.0-rc3

linux/linux_kernel 6.19

linux/linux_kernel 7.0 rc1 (7 CPE variants)

... and 1 more

Published Mar 25, 2026

Tracked Since Mar 25, 2026