CVE-2026-23415Time-of-check Time-of-use (TOCTOU) Race Condition in Linux

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition7 documents6 sources
Severity
5.7MEDIUM
No vector
EPSS
0.0%
top 94.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxDebian Linux
Timeline
PublishedApr 2
Latest updateApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy is read under speculative mmap lock and RCU. Concurrently, mbind() may call vma_replace_policy() which frees the old mempolicy immediately via kmem_cache_free(). This creates a race where __futex_key_to_node() dereferences a freed mempolicy pointer, causing a use-after-free read of mpol->mode. [ 15

Affected Packages2 packages

CVEListV5linux/linuxc042c505210dc3453f378df432c10fff3d471bc5853f70c67d1b37e368fdcb3e328c4b8c04f53ac0+3
debiandebian/linux< linux 6.19.11-1 (sid)

🔴Vulnerability Details

3
OSV
CVE-2026-23415: (In the Linux kernel, the following vulnerability has been resolved: f2026-04-03
GHSA
GHSA-chr7-rqmr-q86r: In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During f2026-04-02
OSV
CVE-2026-23415: In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During fut2026-04-02

📋Vendor Advisories

2
Red Hat
kernel: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()2026-04-02
Debian
CVE-2026-23415: linux - In the Linux kernel, the following vulnerability has been resolved: futex: Fix ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23415 Impact, Exploitability, and Mitigation Steps | Wiz