Is there a patch available for CVE-2026-23259?

Yes, a patch is available for CVE-2026-23259. Update the affected software to the latest version immediately.

Linux Kernel CVE-2026-23259

EUVD-2026-12892

2026-03-18 Linux

Denial Of Service Linux Memory Corruption Debian Linux Kernel

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 18, 2026 - 18:00 euvd

EUVD-2026-12892

Analysis Generated

Mar 18, 2026 - 18:00 vuln.today

CVE Published

Mar 18, 2026 - 17:41 nvd

N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

io_uring/rw: free potentially allocated iovec on cache put failure

If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end up with an unaccounted iovec pointer. Have io_rw_recycle() return whether it recycled the request or not, and use that to gauge whether to free a potential iovec or not.

AnalysisAI

A memory management vulnerability exists in the Linux kernel's io_uring subsystem where allocated iovec buffers may fail to be properly freed when a read/write request cannot be recycled back to the rw_cache. This affects all Linux kernel versions with the vulnerable io_uring/rw code path, potentially allowing local attackers to trigger memory leaks that degrade system performance or enable denial of service conditions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

Vendor StatusVendor

Debian

linux

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	5.10.223-1	-
bullseye (security)	vulnerable	5.10.251-1	-
bookworm	vulnerable	6.1.159-1	-
bookworm (security)	vulnerable	6.1.164-1	-
trixie	vulnerable	6.12.73-1	-
trixie (security)	vulnerable	6.12.74-2	-
forky	fixed	6.19.6-2	-
sid	fixed	6.19.8-1	-
(unstable)	fixed	6.18.10-1	-

CVE-2026-23259 vulnerability details – vuln.today

Back