#VU124518 Use After Free in Linux kernel - CVE-2026-23322
Published: March 25, 2026
Vulnerability identifier: #VU124518
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-23322
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code or cause a denial of service.
The vulnerability exists due to use-after-free in the IPMI subsystem when handling message sending errors. A local user can trigger a sequence of sender errors to cause list corruption and use-after-free, leading to memory corruption and potential arbitrary code execution or system crash.
Exploitation requires the ability to send messages through the IPMI interface, which is typically accessible to local users with appropriate permissions.
Remediation
Install security update from vendor's repository.