CVE-2026-23322

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to improper handling of error responses within the Intelligent Platform Management Interface (IPMI) component. Specifically, when the System Management Interrupt (SMI) sender encounters an error, the smi work() function delivers an error response but fails to properly clean up resources. This results in the intf->curr msg variable not being cleared, allowing the same message to be processed repeatedly. Subsequent calls to sender() with the same message can lead to list corruption, specifically a double addition to the user msgs list. This corruption ultimately causes a use-after-free condition when the memory is freed and reused, potentially leading to a NULL pointer dereference when accessing recv msg->done. The issue stems from failing to free the message and setting it to NULL upon a send error, as well as failing to free newmsg on a send error, resulting in a memory leak.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.