Synchronization Flaw in Linux Kernel's ksmbd Affects Multiple Channels
CVE-2026-23226

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 February 2026

What is CVE-2026-23226?

A synchronization issue has been identified in the ksmbd component of the Linux kernel, where the ksmbd_chann_list xarray is not adequately protected. This defect allows unintentional access to freed memory in multi-channel sessions during operations between lookup_chann_list() and ksmbd_chann_del. To mitigate this, a read-write semaphore (rw_semaphore) named chann_lock has been introduced to manage access to the ksmbd_session structure, which secures all operations involving xa_load, xa_store, and xa_erase. This enhancement improves the stability and security of the memory management in multi-channel configurations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 1d9c4172110e645b383ff13eee759728d74f1a5d

Linux 1d9c4172110e645b383ff13eee759728d74f1a5d < 36ef605c0395b94b826a8c8d6f2697071173de6e

Linux 1d9c4172110e645b383ff13eee759728d74f1a5d < 4f3a06cc57976cafa8c6f716646be6c79a99e485

References

https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd9...
https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6...
https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f7166...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.