CVE-2026-23344: Expired Pointer Dereference in Linux

Severity: 5.3 MEDIUM, no vector
EPSS: 0.0%, top 93.48%
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix use-after-free on error path

In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released.

Move the pr_err() call before kfree(t) to access the fields while the memory is still valid.

This issue was reported by the Smatch static analyser.

Affected Packages (3 packages)

Linux | linux/linux_kernel | 6.19.0 | 6.19.7
Debian | linux/linux_kernel | < 6.19.8-1
CVEListV5 | linux/linux | 4be423572da1f4c11f45168e3fafda870ddac9f8 | 79a26fe3175b9ed7c0c9541b197cb9786237c0f7 | +2

🔴 Vulnerability Details (4)

GHSA | GHSA-466m-2wp7-q9q9: In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sev_tsm_init | 2026-03-25
OSV | crypto: ccp - Fix use-after-free on error path | 2026-03-25
CVEList | crypto: ccp - Fix use-after-free on error path | 2026-03-25
OSV | CVE-2026-23344: In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sev_tsm_init_l | 2026-03-25

📋 Vendor Advisories (2)

Red Hat | kernel: crypto: ccp - Fix use-after-free on error path | 2026-03-25
Debian | CVE-2026-23344: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: ccp... | 2026

🕵️ Threat Intelligence (1)

Wiz | CVE-2026-23344 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23344 — Expired Pointer Dereference in Linux | cvebase