CVE-2026-23415

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

futex: Fix UaF between futex key to node opt() and vma replace policy()

During futex key to node opt() execution, vma->vm policy is read under speculative mmap lock and RCU. Concurrently, mbind() may call vma replace policy() which frees the old mempolicy immediately via kmem cache free().

This creates a race where futex key to node() dereferences a freed mempolicy pointer, causing a use-after-free read of mpol->mode.

[ 151.412631] BUG: KASAN: slab-use-after-free in futex key to node (kernel/futex/core.c:349) [ 151.414046] Read of size 2 at addr ffff888001c49634 by task e/87

[ 151.415969] Call Trace:

[ 151.416732] asan load2 (mm/kasan/generic.c:271) [ 151.416777] futex key to node (kernel/futex/core.c:349) [ 151.416822] get futex key (kernel/futex/core.c:374 kernel/futex/core.c:386 kernel/futex/core.c:593)

Fix by adding rcu to mpol put().

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23415

Affected Products

Linux

CVE-2026-23415

Related Identifiers

Affected Products

References · 4