Synchronization Flaw in Linux Kernel's ksmbd Affects Multiple Channels
CVE-2026-23226

8.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 18 February 2026


What is CVE-2026-23226?

A synchronization issue has been identified in ksmbd, the Linux kernel's in-kernel SMB server: the ksmbd_chann_list xarray is accessed without adequate locking. In multi-channel sessions this allows a use-after-free, because a channel can be freed by ksmbd_chann_del() while another path is still using the pointer it obtained from lookup_chann_list(). To mitigate this, a read-write semaphore (rw_semaphore) named chann_lock has been introduced in the ksmbd_session structure, and it protects all operations involving xa_load, xa_store, and xa_erase on the channel list. This change improves the stability and memory safety of multi-channel configurations.

Affected Version(s)

Linux 1d9c4172110e645b383ff13eee759728d74f1a5d < 4c2ca31608521895dd742a43beca4b4d29762345

Linux 1d9c4172110e645b383ff13eee759728d74f1a5d

Linux 1d9c4172110e645b383ff13eee759728d74f1a5d < 36ef605c0395b94b826a8c8d6f2697071173de6e

News Articles

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved