CVE-2026-23221

Severity: 7.8 HIGH
EPSS: 0.0% (top 97.67%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 18

Description

In the Linux kernel, the following vulnerability has been resolved:

bus: fsl-mc: fix use-after-free in driver_override_show()

The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_override(), which modifies and frees the string while holding the device_lock.

This can result in a concurrent use-after-free if the string is freed by the store function while being read by the show function.

Fix this

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: linux/linux_kernel 5.10 5.15.201 (+5)
CVEListV5: linux/linux 1f86a00c1159fd77e66b1bd6ff1a183f4d46f34d c71dfb7833db7af652ee8f65011f14c97c47405d (+7)
Debian: linux < 6.1.164-1 (+2)
Debian: linux-6.1 < 6.1.164-1~deb11u1

Patches

🔴 Vulnerability Details

3
CVEList
bus: fsl-mc: fix use-after-free in driver_override_show() 2026-02-18
GHSA
GHSA-jp99-8xc8-367m: In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_sh 2026-02-18
OSV
CVE-2026-23221: In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show 2026-02-18

📋 Vendor Advisories

3
Red Hat
kernel: bus: fsl-mc: fix use-after-free in driver_override_show() 2026-02-18
Microsoft
bus: fsl-mc: fix use-after-free in driver_override_show() 2026-02-10
Debian
CVE-2026-23221: linux - In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc... 2026

🕵️ Threat Intelligence

1
Wiz
CVE-2026-23221 Impact, Exploitability, and Mitigation Steps | Wiz