CVE-2026-22995: Use After Free in Linux

CWE-416: Use After Free | 6 documents | 6 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 94.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 23

Description

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix use-after-free in ublk_partition_scan_work

A race condition exists between the async partition scan work and device teardown that can lead to a use-after-free of ub->ub_disk:

1. ublk_ctrl_start_dev() schedules partition_scan_work after add_disk()
2. ublk_stop_dev() calls ublk_stop_dev_unlocked() which does:
   - del_gendisk(ub->ub_disk)
   - ublk_detach_disk() sets ub->ub_disk = NULL
   - put_disk() which may free the disk
3

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD | linux/linux_kernel | 6.18.4 | 6.18.6 | +1
Debian | linux/linux_kernel | < 6.18.8-1
CVEListV5 | linux/linux | 63dfbcd59b4b823eac4441efff10b1c303c8f49f | 72e28774e9644c2bdbb4920842fbf77103a15a85 | +2
debian | debian/linux | < linux 6.18.8-1 (forky)

Patches

Vulnerability Details (2)

GHSA (2026-01-23): GHSA-hm7g-g733-g35g: In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists bet
OSV (2026-01-23): CVE-2026-22995: In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists betwe

Vendor Advisories (2)

Red Hat (2026-01-23): kernel: ublk: fix use-after-free in ublk_partition_scan_work
Debian (2026): CVE-2026-22995: linux - In the Linux kernel, the following vulnerability has been resolved: ublk: fix u...

Threat Intelligence (1)

Wiz: CVE-2026-22995 Impact, Exploitability, and Mitigation Steps | Wiz