CVE-2026-23096
Unknown Unknown - Not Provided

Use-After-Free in Linux Kernel uacce cdev Cleanup Causes Hang

Vulnerability report for CVE-2026-23096, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-04

Last updated on: 2026-03-18

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdev_device_add fails, it internally releases the cdev memory, and if cdev_device_del is then executed, it will cause a hang error. To fix it, we check the return value of cdev_device_add() and clear uacce->cdev to avoid calling cdev_device_del in the uacce_remove.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-04
Last Modified
2026-03-18
Generated
2026-07-06
AI Q&A
2026-02-04
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.199 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 5.7 (inc) to 5.10.249 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's uacce component related to character device (cdev) handling during cleanup. Specifically, when the function cdev_device_add fails, it releases the cdev memory internally. However, if cdev_device_del is subsequently called, it causes a hang error. The fix involves checking the return value of cdev_device_add and clearing the uacce->cdev pointer to prevent calling cdev_device_del in the uacce_remove function, thereby avoiding the hang.

Impact Analysis

This vulnerability can cause the system to hang or become unresponsive when certain cleanup operations involving character devices are performed. This may lead to system instability or denial of service conditions if the affected code path is triggered.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23096. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart