CVE-2026-23195
Use-After-Free Vulnerability in Linux Kernel cgroup/dmem Component
Publication date: 2026-02-14
Last updated on: 2026-04-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.14 (inc) to 6.18.10 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Use-After-Free (UAF) issue in the Linux kernel's cgroup/dmem subsystem. It occurs because a memory pool can still be referenced by a caller even after its associated memory region has been unregistered and freed. The current implementation frees the pool even if users still hold references to it, which can lead to accessing freed memory.
The problem was observed as a slab-use-after-free error detected by KASAN (Kernel Address Sanitizer) during a write operation. The fix involves adding a reference counter to each pool to ensure that the pool is only freed when no references remain.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption or instability in the Linux kernel, potentially causing crashes or unpredictable behavior. Since it involves use-after-free, it might be exploitable to execute arbitrary code or escalate privileges, depending on the context and attacker capabilities.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as a use-after-free (UAF) issue in the Linux kernel's cgroup/dmem subsystem, which can trigger kernel address sanitizer (KASAN) reports. Detection typically involves monitoring kernel logs for KASAN error messages indicating slab-use-after-free in the function page_counter_uncharge.
You can check your system logs (e.g., using dmesg or journalctl) for messages similar to the following indicative of this vulnerability:
- dmesg | grep -i 'KASAN: slab-use-after-free'
- journalctl -k | grep -i 'page_counter_uncharge'
Additionally, monitoring for crashes or warnings related to the insmod command or kernel modules may help detect attempts to trigger this issue.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by a patch that adds a reference counter to each memory pool in the cgroup/dmem subsystem, preventing premature freeing of memory still in use.
Immediate mitigation steps include:
- Update your Linux kernel to a version that includes the fix for this vulnerability (post 6.19.0-rc7-next-20260129+).
- Avoid loading untrusted or out-of-tree kernel modules (as indicated by the tainted kernel state in the report) until the patch is applied.
- Monitor kernel logs for related errors and avoid operations that trigger the vulnerability, such as insmod commands on vulnerable kernels.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know