CVE-2026-23224

CWE-416: Use After Free
8 documents, 8 sources
Severity
7.8 HIGH
EPSS
0.0%
top 96.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Feb 18

Description

In the Linux kernel, the following vulnerability has been resolved:

erofs: fix UAF issue for file-backed mounts w/ directio option

[ 9.269940][ T3222] Call trace:
[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108
[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198
[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180
[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24
[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac
[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220
[ 9.270083][ T3222] filem

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (3 packages)

NVD: linux/linux_kernel 6.12 6.12.72 +2
CVEListV5: linux/linux fb176750266a3d7f42ebdcf28e8ba40350b27847 ae385826840a3c8e09bf38cac90adcd690716f57 +4
Debian: linux < 6.12.73-1 +1

Patches

🔴 Vulnerability Details (3)

CVEList
erofs: fix UAF issue for file-backed mounts w/ directio option (2026-02-18)
OSV
CVE-2026-23224: In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option [ 9 (2026-02-18)
GHSA
GHSA-8j5g-3q2r-xfjh: In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option [ 9 (2026-02-18)

📋 Vendor Advisories (3)

Red Hat
kernel: Linux kernel erofs: Denial of Service via Use-After-Free in file-backed directio mounts (2026-02-18)
Microsoft
erofs: fix UAF issue for file-backed mounts w/ directio option (2026-02-10)
Debian
CVE-2026-23224: linux - In the Linux kernel, the following vulnerability has been resolved: erofs: fix ... (2026)

🕵️ Threat Intelligence (1)

Wiz
CVE-2026-23224 Impact, Exploitability, and Mitigation Steps | Wiz