Back to CVE List

CVE-2026-23432

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix use-after-free in mshv_map_user_memory error path

In the error path of mshv_map_user_memory(), calling vfree() directly on
the region leaves the MMU notifier registered. When userspace later unmaps
the memory, the notifier fires and accesses the freed region, causing a
use-after-free and potential kernel panic.

Replace vfree() with mshv_partition_put() to properly unregister
the MMU notifier before freeing the region.

Vulnerability Details

Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux

External References

Discussion (0)

Add Comment

No comments yet. Be the first!