CVE-2026-23432

HIGH

mshv: Fix use-after-free in mshv_map_user_memory error path

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in mshv_map_user_memory error path In the error path of mshv_map_user_memory(), calling vfree() directly on the region leaves the MMU notifier registered. When userspace later unmaps the memory, the notifier fires and accesses the freed region, causing a use-after-free and potential kernel panic. Replace vfree() with mshv_partition_put() to properly unregister the MMU notifier before freeing the region.

References (2)

https://git.kernel.org/stable/c/34861bdc0c0196b6c2dd48f7454029407704ff6e

https://git.kernel.org/stable/c/6922db250422a0dfee34de322f86b7a73d713d33

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 2.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (10)

Linux/Linux < 6.19

Linux/Linux 6.19

Linux/Linux 6.19.10 - 6.19.*

Linux/Linux 7.0

Linux/Linux 7.0-rc5

Linux/Linux b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 - 34861bdc0c0196b6c2dd48f7454029407704ff6e

Linux/Linux b9a66cd5ccbb9fade15d0e427e19470d8ad35b75 - 6922db250422a0dfee34de322f86b7a73d713d33

linux/linux_kernel 6.19

linux/linux_kernel 7.0 rc1 (7 CPE variants)

linux/linux_kernel 6.19.1 - 6.19.10

Published Apr 03, 2026

Tracked Since Apr 03, 2026