CVE-2026-23184

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0-rc6-00015-gc03e9c42ae8f

Description The Linux kernel contains a use-after-free issue within the binder subsystem, specifically in the binder netlink report() function. Oneway transactions sent to frozen targets can return a BR TRANSACTION PENDING FROZEN error, but are incorrectly treated as successful. This allows for unsafe access to transaction data ('t') after the error, potentially leading to a crash. The issue was identified through a KASAN report indicating a slab-use-after-free condition. The fix involves creating a transaction copy to ensure safe data access by binder netlink report() following a pending frozen error. The vulnerable function is binder netlink report().

Recommendations Update to Linux kernel version 6.19.0-rc6-00015-gc03e9c42ae8f or a later version to address this issue.