High severity8.8NVD Advisory· Published Feb 18, 2026· Updated Apr 2, 2026
CVE-2026-23226
CVE-2026-23226
Description
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: add chann_lock to protect ksmbd_chann_list xarray
ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del).
Adds rw_semaphore chann_lock to struct ksmbd_session and protects all xa_load/xa_store/xa_erase accesses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords6 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-vmware-6.12pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
< 6.12.80-r0+ 5 more
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.12.80-r0
- (no CPE)range: < 6.19.8-1.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.