CVE-2026-23415

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A use-after-free issue exists in the Linux kernel related to futex functionality, specifically between futex key to node opt() and vma replace policy(). The issue occurs when vma->vm policy is read speculatively under a memory management lock and Read-Copy-Update (RCU). Simultaneously, mbind() may call vma replace policy(), which frees the old memory policy immediately. This creates a race condition where futex key to node() dereferences a freed memory policy pointer, leading to a use-after-free read of mpol->mode. This can lead to a kernel crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.