Skip to main content

Linux CVE-2026-23344

| EUVDEUVD-2026-15311 HIGH
Use After Free (CWE-416)
2026-03-25 Linux GHSA-466m-2wp7-q9q9
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
5.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 24, 2026 - 18:22 vuln.today
cvss_changed
CVSS changed
Apr 24, 2026 - 18:22 NVD
7.8 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 25, 2026 - 10:45 euvd
EUVD-2026-15311
Analysis Generated
Mar 25, 2026 - 10:45 vuln.today
CVE Published
Mar 25, 2026 - 10:27 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix use-after-free on error path

In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released.

Move the pr_err() call before kfree(t) to access the fields while the memory is still valid.

This issue reported by Smatch static analyser

AnalysisAI

A use-after-free vulnerability exists in the Linux kernel's crypto subsystem (CCP driver) within the sev_tsm_init_locked() function error path, where a pr_err() statement dereferences freed memory to access structure fields t->tio_en and t->tio_init_done after kfree(t) has been executed. This vulnerability can lead to information disclosure by reading freed memory contents. The issue affects Linux kernel versions across distributions using the affected CCP crypto driver code and was identified by the Smatch static analyzer.

Technical ContextAI

The vulnerability resides in the Linux kernel's AMD Secure Processor (SEV/TSM) initialization code within the crypto/ccp subsystem. The root cause is a use-after-free memory access defect (CWE-416), a critical memory safety issue where the code attempts to dereference a pointer to memory that has already been freed. Specifically, in the error handling path of sev_tsm_init_locked(), the function calls kfree(t) to deallocate the structure 't', but subsequently calls pr_err() to log an error message that references t->tio_en and t->tio_init_done fields. This is a common memory safety violation in C kernel code where error path cleanup is not properly sequenced. The affected products are identified via CPE as cpe:2.3:a:linux:linux (all versions), indicating this affects all Linux distributions using vulnerable kernel versions prior to the patch.

RemediationAI

Upgrade to a Linux kernel version that includes patches 79a26fe3175b9ed7c0c9541b197cb9786237c0f7 or 889b0e2721e793eb46cf7d17b965aa3252af3ec8 from the Linux stable repository (https://git.kernel.org/stable/c/79a26fe3175b9ed7c0c9541b197cb9786237c0f7). Consult your Linux distribution's security advisory for the specific kernel version containing this fix—Red Hat, Ubuntu, Debian, and SUSE will provide backported packages for their supported kernel versions. As a workaround pending patching, restrict access to SEV/TSM initialization code paths by disabling SEV functionality if not required, or isolate systems using TSM/SEV to trusted networks only. Apply the patch at the earliest convenient maintenance window, prioritizing systems that actively use AMD Secure Processor or SEV-TSM features.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye not-affected - -
bullseye (security) fixed 5.10.251-1 -
bookworm not-affected - -
bookworm (security) fixed 6.1.164-1 -
trixie not-affected - -
trixie (security) fixed 6.12.74-2 -
forky, sid fixed 6.19.8-1 -
(unstable) fixed 6.19.8-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23344 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy