VDB

CVE-2026-23344

CVE-2026-23344 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix use-after-free on error path In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released. Move the pr_err() call before kfree(t) to access the fields while the memory is still valid. This issue reported by Smatch static analyser

EPSS 0.02% · 5.6th percentile

Risk Scores

EPSS Score
0.02%
5.6th percentile

Affected Products

VendorProductVersions
LinuxLinux*, 7.0-rc3, 4be423572da1f4c11f45168e3fafda870ddac9f8
linuxlinux_kernel6.19, 6.19, 6.19

Timeline

  • Mar 25, 2026 EPSS Score
  • Mar 25, 2026 Coalition ESS Score
  • Mar 25, 2026 CVE Published
  • Mar 29, 2026 Security Advisory
  • Apr 24, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›