PT-2026-6126 · Linux+2 · Linux Kernel+2
Published: 2026-01-01 · Updated: 2026-05-22 · CVE-2026-23056
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The Linux kernel’s user-space accelerated copy engine (uacce) implementation does not define an mremap handler in its vm operations struct. Implementing .mremap to return -EPERM tells users that the operation is not supported. Without this explicit disabling, the default mremap method is used, which can lead to a double-free condition. Specifically, an application could mmap address p1, then mremap to p2, followed by munmap(p1), and finally munmap(p2). The default mremap copies the original vma’s vm private data (represented as q) to the new vma. Consequently, both munmap operations trigger vma close, and q->qfr is released twice. Because q->qfr is set to NULL during release, the impact is mitigated, but the double release remains a potential issue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
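The sequence from the description and the effect of a .mremap handler that returns -EPERM, as an added user-space model that is not the kernel's code. The struct layouts, `model_*` functions, `deny_mremap` and `run_sequence` are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-space model; every name is hypothetical, not kernel code. */
struct queue { void *qfr; int releases; };   /* q and the region q->qfr */
struct vma;
struct vm_ops {
    int  (*mremap)(struct vma *v);           /* NULL models the default: move allowed */
    void (*close)(struct vma *v);
};
struct vma { const struct vm_ops *ops; struct queue *priv; int mapped; };

/* Close handler: releases q->qfr, then clears it (the mitigation the text mentions). */
static void model_close(struct vma *v) {
    struct queue *q = v->priv;
    q->releases++;
    free(q->qfr);                            /* free(NULL) on a repeated release */
    q->qfr = NULL;
}
/* Explicit handler that refuses the remap, as the description recommends. */
static int deny_mremap(struct vma *v) { (void)v; return -EPERM; }
static const struct vm_ops ops_default = { .mremap = NULL, .close = model_close };
static const struct vm_ops ops_fixed   = { .mremap = deny_mremap, .close = model_close };

/* Model of mremap: unless the handler refuses, the new vma copies ops and priv. */
static int model_mremap(struct vma *p1, struct vma *p2) {
    int rc = p1->ops->mremap ? p1->ops->mremap(p1) : 0;
    if (rc == 0) *p2 = *p1;                  /* both vmas now point at the same q */
    return rc;
}
static void model_munmap(struct vma *v) {
    if (v->mapped) { v->ops->close(v); v->mapped = 0; }
}

/* mmap(p1), mremap to p2, munmap(p1), munmap(p2); returns how often q was released. */
int run_sequence(const struct vm_ops *ops, int *mremap_rc) {
    struct queue q = { malloc(64), 0 };
    struct vma p1 = { ops, &q, 1 }, p2 = { NULL, NULL, 0 };
    *mremap_rc = model_mremap(&p1, &p2);
    model_munmap(&p1);
    model_munmap(&p2);
    return q.releases;
}

int main(void) {
    int rc1, rc2, a = run_sequence(&ops_default, &rc1), b = run_sequence(&ops_fixed, &rc2);
    printf("default: rc=%d releases=%d; -EPERM: rc=%d releases=%d\n", rc1, a, rc2, b);
    return 0;
}
```

With the default handler the close path runs twice against the same q; with the refusing handler the remap fails and q is released exactly once.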
Affected Products
Linuxmint
Linux Kernel
Ubuntu