Linux Kernel kSMBD UseAfterFree via Unsynchronized xarray
CVE-2026-23226 Published on February 18, 2026
ksmbd: add chann_lock to protect ksmbd_chann_list xarray
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: add chann_lock to protect ksmbd_chann_list xarray
ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in
multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del).
Adds rw_semaphore chann_lock to struct ksmbd_session and protects
all xa_load/xa_store/xa_erase accesses.
Products Associated with CVE-2026-23226
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-23226 are published in Linux Kernel:
Affected Versions
Linux:- Version 1d9c4172110e645b383ff13eee759728d74f1a5d and below e4a8a96a93d08570e0405cfd989a8a07e5b6ff33 is affected.
- Version 1d9c4172110e645b383ff13eee759728d74f1a5d and below 36ef605c0395b94b826a8c8d6f2697071173de6e is affected.
- Version b1caecbf34b8c8260d851ec4efde71f3694460b7 is affected.
- Version 91bbf9cb2387a0d76322e9a343bc6bc160f66b3f is affected.
- Version 853c416710b075153c1e1421e099ffbe5dac68ce is affected.
- Version 6.3 is affected.
- Before 6.3 is unaffected.
- Version 6.18.11, <= 6.18.* is unaffected.
- Version 6.19.1, <= 6.19.* is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.