#VU124944 Use-after-free in Linux kernel - CVE-2026-23427

 


Published: April 6, 2026


Vulnerability identifier: #VU124944
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23427
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation

Description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a use-after-free in parse_durable_handle_context() in the in-kernel SMB server (ksmbd) when it handles a DURABLE_REQ_V2 create context on a request carrying SMB2_FLAGS_REPLAY_OPERATION. A remote attacker can send a specially crafted replay request to cause a denial of service.

The issue occurs during durable v2 replay of a file handle that is still active: the handle's connection pointer is overwritten with the replaying connection, and once that connection is torn down and freed, a later use of the handle by its original owner dereferences the stale pointer.
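As an added illustration (not code from the Linux kernel, from ksmbd, or from this advisory), the following C model reproduces the pointer-overwrite pattern the description outlines. The structs, function names and the "tombstone" flag standing in for a real free are simplified stand-ins chosen for this example; the hardened variant shows one plausible check (refusing to rebind a handle whose current connection is still alive) and is an assumption, not the upstream fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a ksmbd connection and an open file handle.
 * Nothing here is kernel code; the structs hold only what the scenario needs. */
struct conn {
	int id;
	bool freed;	/* tombstone instead of a real free(), so the dangling
			 * dereference is observable rather than undefined behaviour */
};

struct file_handle {
	struct conn *conn;	/* connection the handle is currently bound to */
	bool active;		/* still in use by the session that opened it */
};

enum replay_result { REPLAY_OK, REPLAY_REJECTED };
enum use_result { USE_OK, USE_DANGLING };

typedef enum replay_result (*replay_fn)(struct file_handle *, struct conn *);

/* Vulnerable pattern: a DURABLE_REQ_V2 replay rebinds the handle to the
 * replaying connection unconditionally, even if the handle is still active. */
static enum replay_result replay_vulnerable(struct file_handle *fp, struct conn *replayer)
{
	fp->conn = replayer;
	return REPLAY_OK;
}

/* Hardened pattern (an assumed mitigation, not the upstream fix): only rebind
 * when the handle's current connection is gone, i.e. a genuine durable reconnect. */
static enum replay_result replay_hardened(struct file_handle *fp, struct conn *replayer)
{
	if (fp->active && fp->conn != NULL && !fp->conn->freed)
		return REPLAY_REJECTED;
	fp->conn = replayer;
	return REPLAY_OK;
}

/* Models the replaying connection disconnecting and its struct being freed. */
static void conn_teardown(struct conn *c)
{
	c->freed = true;
}

/* The original owner later touches fp->conn; report whether that pointer is stale. */
static enum use_result use_handle(const struct file_handle *fp)
{
	return (fp->conn == NULL || fp->conn->freed) ? USE_DANGLING : USE_OK;
}

/* Scenario from the advisory: connection A holds an active handle, connection B
 * sends a replay for it, B disconnects and is freed, A uses the handle again. */
static enum use_result scenario_active_replay(replay_fn replay)
{
	struct conn a = { .id = 1, .freed = false };
	struct conn b = { .id = 2, .freed = false };
	struct file_handle fp = { .conn = &a, .active = true };

	replay(&fp, &b);
	conn_teardown(&b);
	return use_handle(&fp);
}

/* Legitimate durable reconnect: A is already gone when B replays, so rebinding
 * is correct and must still be allowed by the hardened variant. */
static enum use_result scenario_reconnect(replay_fn replay)
{
	struct conn a = { .id = 1, .freed = false };
	struct conn b = { .id = 2, .freed = false };
	struct file_handle fp = { .conn = &a, .active = true };

	conn_teardown(&a);
	replay(&fp, &b);
	return use_handle(&fp);
}

int main(void)
{
	printf("vulnerable, active replay: %s\n",
	       scenario_active_replay(replay_vulnerable) == USE_DANGLING ? "dangling conn" : "ok");
	printf("hardened,   active replay: %s\n",
	       scenario_active_replay(replay_hardened) == USE_DANGLING ? "dangling conn" : "ok");
	printf("hardened,   reconnect:     %s\n",
	       scenario_reconnect(replay_hardened) == USE_DANGLING ? "dangling conn" : "ok");
	return 0;
}
```

The vulnerable path leaves the handle pointing at the freed replaying connection, which is the stale-pointer dereference the advisory describes; the hardened path rejects the replay while the original connection is alive but still permits the normal durable reconnect case where the original connection has gone away.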


Remediation

Install the security update from the vendor's repository.

External links