CVE-2026-23224

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The EROFS filesystem may experience a use-after-free (UAF) condition when a file-backed mount with the directio option is enabled. This can lead to a system panic. The issue arises from a race condition where a bio structure is freed while still being accessed, specifically within the file accessed() function. The vulnerability occurs during the completion of an I/O operation, where a reference count is introduced in the erofs fileio rq structure to manage the lifecycle of the request. The erofs fileio ki complete() and erofs fileio rq submit() functions decrement this reference count, and the request is freed when the count reaches zero.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.