CVE-2026-23225

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the MMCID management code related to handling CPU ID (CID) transitions. Specifically, the issue arises when a task exits while in a transitional state, leading to an out-of-bounds access during CID removal. The sched mm cid exit() function incorrectly assumes the CID is CPU-owned, potentially causing issues when the TRANSIT flag is set. This can occur when a task switches between per-CPU and per-task CID modes without proper synchronization, resulting in a use-after-free condition. The vulnerability was identified through KASAN (Kernel Address Sanitizer) and reported by Shinichiro.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.