PT-2026-27684 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-05-22 · CVE-2026-23319

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The Linux kernel contains a use-after-free in the BPF trampoline cgroup shim link code (bpf_trampoline_link_cgroup_shim). The root cause is a race condition: a resource is released while it may still be referenced, so a concurrent access from another process results in a use-after-free. Specifically, once bpf_link_put drops the refcount of shim_link->link.link to zero the resource is considered released, but it may still be found via the tr->progs_hlist list in cgroup_shim_find and handed out. The fix adds an atomic non-zero check in bpf_trampoline_link_cgroup_shim so that the refcount is incremented only if it has not already reached zero. Testing involved adding a delay in bpf_shim_tramp_link_release to widen the race window, which reliably reproduced the crash before the patch.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
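The refcount race in the description, as an added illustration that is not kernel code: a toy list of shim links modelled after the lookup over tr->progs_hlist, with the pre-fix lookup (unconditional increment) beside the fixed one (increment only if the refcount is still non-zero). The struct, field names and race_outcome helper are constructed for the example.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Toy model of tr->progs_hlist (constructed, not kernel code): refcnt 0 means
 * the last put already happened and the link's release/free is pending. */
struct shim_link {
    atomic_int refcnt;
    int cgroup_id;
    struct shim_link *next;
};

/* Take a reference only while the object is alive (inc-not-zero semantics). */
static bool ref_inc_not_zero(atomic_int *r)
{
    int old = atomic_load(r);
    do {
        if (old == 0)
            return false;   /* already zero: never resurrect a dying object */
    } while (!atomic_compare_exchange_weak(r, &old, old + 1));
    return true;
}

/* Lookup by cgroup id. fixed=false is the pre-fix behaviour (unconditional
 * increment, so a link whose refcount already reached zero is handed out
 * and later used after its free); fixed=true returns NULL in that case. */
struct shim_link *shim_find(struct shim_link *head, int cgroup_id, bool fixed)
{
    for (struct shim_link *l = head; l; l = l->next) {
        if (l->cgroup_id != cgroup_id)
            continue;
        if (!fixed) {
            atomic_fetch_add(&l->refcnt, 1);
            return l;
        }
        return ref_inc_not_zero(&l->refcnt) ? l : NULL;
    }
    return NULL;
}

/* Model the race window: the lookup runs when refcnt is already `refcnt`.
 * Returns the refcount after the lookup, or -1 if the lookup refused. */
int race_outcome(int refcnt, bool fixed)
{
    struct shim_link l = { .cgroup_id = 7, .next = NULL };
    atomic_init(&l.refcnt, refcnt);
    struct shim_link *got = shim_find(&l, 7, fixed);
    return got ? atomic_load(&got->refcnt) : -1;
}
```

With the refcount already at zero, the unchecked lookup resurrects the link (0 -> 1) and the caller will touch memory the release path is about to free; the checked lookup refuses and the caller falls back to creating a fresh link.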

Exploit

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2026-23319
ECHO-6EB2-2B6C-8090
OESA-2026-2418
OPENSUSE-SU-2026:20572-1
SUSE-SU-2026:1573-1
SUSE-SU-2026:1661-1
SUSE-SU-2026:21114-1
SUSE-SU-2026:21123-1
SUSE-SU-2026:21237-1
SUSE-SU-2026:21255-1
SUSE-SU-2026:21352-1
SUSE-SU-2026:21361-1

Affected Products: Linux Kernel