CVE-2026-23248 — Improper Update of Reference Count in Linux
Severity
7.8HIGHNVD
EPSS
0.0%
top 97.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 18
Description
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix refcount bug and potential UAF in perf_mmap
Syzkaller reported a refcount_t: addition on 0; use-after-free warning
in perf_mmap.
The issue is caused by a race condition between a failing mmap() setup
and a concurrent mmap() on a dependent event (e.g., using output
redirection).
In perf_mmap(), the ring_buffer (rb) is allocated and assigned to
event->rb with the mmap_mutex held. The mutex is then released to
pe…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linuxb709eb872e19a19607bbb6d2975bc264d59735cf — c27dea9f50ed525facb62ef647dddc4722456e07+3
🔴Vulnerability Details
4GHSA▶
GHSA-78fw-h7fp-fffh: In the Linux kernel, the following vulnerability has been resolved:
perf/core: Fix refcount bug and potential UAF in perf_mmap
Syzkaller reported a↗2026-03-18
OSV▶
CVE-2026-23248: In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and potential UAF in perf_mmap Syzkaller reported a re↗2026-03-18