Linux Kernel kSMBD Use-After-Free via Unsynchronized xarray
CVE-2026-23226 Published on February 18, 2026
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: add chann_lock to protect ksmbd_chann_list xarray
ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in
multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del).
Adds rw_semaphore chann_lock to struct ksmbd_session and protects
all xa_load/xa_store/xa_erase accesses.
Affected Versions
Linux:
- Version 1d9c4172110e645b383ff13eee759728d74f1a5d and below 4c2ca31608521895dd742a43beca4b4d29762345 is affected.
- Version 1d9c4172110e645b383ff13eee759728d74f1a5d and below e4a8a96a93d08570e0405cfd989a8a07e5b6ff33 is affected.
- Version 1d9c4172110e645b383ff13eee759728d74f1a5d and below 36ef605c0395b94b826a8c8d6f2697071173de6e is affected.
- Version 1d9c4172110e645b383ff13eee759728d74f1a5d and below 4f3a06cc57976cafa8c6f716646be6c79a99e485 is affected.
- Version b1caecbf34b8c8260d851ec4efde71f3694460b7 is affected.
- Version 91bbf9cb2387a0d76322e9a343bc6bc160f66b3f is affected.
- Version 853c416710b075153c1e1421e099ffbe5dac68ce is affected.
- Version 6.3 is affected.
- Before 6.3 is unaffected.
- Version 6.12.77, <= 6.12.* is unaffected.
- Version 6.18.11, <= 6.18.* is unaffected.
- Version 6.19.1, <= 6.19.* is unaffected.
- Version 7.0-rc1, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.