CVE-2026-23352: Release of Invalid Pointer or Reference in Linux

Severity: 7.1 HIGH (no vector)
EPSS: 0.0% (top 86.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 25

Description

In the Linux kernel, the following vulnerability has been resolved:

x86/efi: defer freeing of boot services memory

efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late().

There are two issues with that: memblock_free_late() should be used for memory allocated with memblock_alloc() while the memory reserved with memblock_reserve() should be freed with free_reserved_area().

More acutely, with CONFIG_DEFERRED_STRUCT_PAGE_INI

Affected Packages (5 packages)

Linux: linux/linux_kernel 2.7.0 6.1.167 +5
Debian: linux/linux_kernel < 6.19.8-1
CVEListV5: linux/linux 0aed459e8487eb6ebdb4efe8cefe1eafbc704b30 4a2cb90c538f06c873a187aa743575d48685d7a6 +7
debian: debian/linux < linux 6.19.8-1 (forky)

Vulnerability Details (3)

GHSA (2026-03-25)
GHSA-3ggx-9863-fxcm: In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efi_free_boot_services() frees me
OSV (2026-03-25)
CVE-2026-23352: In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efi_free_boot_services() frees memo
OSV (2026-03-25)
x86/efi: defer freeing of boot services memory

Vendor Advisories (3)

Red Hat (2026-03-25)
kernel: x86/efi: defer freeing of boot services memory
Microsoft (2026-03-10)
x86/efi: defer freeing of boot services memory
Debian (2026)
CVE-2026-23352: linux - In the Linux kernel, the following vulnerability has been resolved: x86/efi: de...

Threat Intelligence (1)

Wiz
CVE-2026-23352 Impact, Exploitability, and Mitigation Steps | Wiz