CVE-2026-23158

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free issue exists in the gpio-virtuser configfs release path. The device structure is freed before the guard cleanup runs, causing mutex unlock() to operate on freed memory. Specifically, gpio virtuser device config group release() destroys the mutex and frees the device while still within the guard(mutex) scope. When the function returns, the guard cleanup invokes mutex unlock(&dev->lock), resulting in a slab use-after-free. The issue is related to the improper lifetime management of a mutex within the configfs release path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.