CVE-2026-23226 – ksmbd: add chann_lock to protect ksmbd_chann_list xarray

CVE ID : CVE-2026-23226

Published : Feb. 18, 2026, 4:22 p.m. | 37 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: add chann_lock to protect ksmbd_chann_list xarray

ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in
multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del).

Adds rw_semaphore chann_lock to struct ksmbd_session and protects
all xa_load/xa_store/xa_erase accesses.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-23230 – smb: client: split cached_fid bitfields to avoid shared-byte RMW races

CVE-2026-23229 – crypto: virtio – Add spinlock protection with virtqueue notification

CVE-2026-23228 – smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()

CVE-2026-23227 – drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free