Description

In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy is read under speculative mmap lock and RCU. Concurrently, mbind() may call vma_replace_policy() which frees the old mempolicy immediately via kmem_cache_free(). This creates a race where __futex_key_to_node() dereferences a freed mempolicy pointer, causing a use-after-free read of mpol->mode. [ 151.412631] BUG: KASAN: slab-use-after-free in __futex_key_to_node (kernel/futex/core.c:349) [ 151.414046] Read of size 2 at addr ffff888001c49634 by task e/87 [ 151.415969] Call Trace: [ 151.416732] __asan_load2 (mm/kasan/generic.c:271) [ 151.416777] __futex_key_to_node (kernel/futex/core.c:349) [ 151.416822] get_futex_key (kernel/futex/core.c:374 kernel/futex/core.c:386 kernel/futex/core.c:593) Fix by adding rcu to __mpol_put().

INFO

Published Date :

2026-04-02T11:40:56.476Z

Last Modified :

2026-04-02T11:40:56.476Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23415 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23415.

URL Resource
https://git.kernel.org/stable/c/190a8c48ff623c3d67cb295b4536a660db2012aa cve-icon cve-icon
https://git.kernel.org/stable/c/7e196194ea27bd49adf3551e2aceb83498eb73fe cve-icon cve-icon
https://git.kernel.org/stable/c/853f70c67d1b37e368fdcb3e328c4b8c04f53ac0 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026040204-CVE-2026-23415-3435@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-23415 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-23415 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact