CVE-2026-23192

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a use-after-free issue within the linkwatch functionality. Specifically, the issue arises from the improper handling of device reference counts after linkwatch do dev() calls dev put(). This can lead to the device being freed while still being accessed by linkwatch run queue(), resulting in a use-after-free condition when attempting to call netdev unlock ops() on the already-freed device. The issue can be triggered by adding and deleting a tun interface and can be reproduced with the provided steps. A KASAN report confirms the use-after-free in netdev need ops lock.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.