CVE-2026-23096

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)

Description A flaw exists in the Linux kernel related to the handling of character devices within the uacce module. Specifically, a use-after-free condition can occur during the cleanup process when cdev device add fails. If cdev device add fails, the associated memory is released, and subsequent execution of cdev device del leads to a hang error. The issue arises from failing to check the return value of cdev device add() and subsequently attempting to call cdev device del in the uacce remove function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23096

ECHO-CA1C-AB12-2AB3

OESA-2026-1863

OESA-2026-2176

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8162-1

USN-8180-1

USN-8180-2

USN-8180-3

USN-8180-4

USN-8180-5

USN-8180-6

USN-8186-1

USN-8187-1

USN-8188-1

USN-8243-1

USN-8275-1

USN-8278-1

USN-8289-1

USN-8296-1

USN-8297-1

Affected Products

Linux Kernel

Linuxmint

Ubuntu

CVE-2026-23096

Related Identifiers

Affected Products

References · 2223