CVE-2026-23195

N/A Unknown

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's cgroup/dmem subsystem where a memory pool can be freed while still being referenced by callers. This allows attackers with local access to potentially cause kernel crashes or execute arbitrary code. Systems running affected Linux kernel versions are vulnerable.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific versions are not explicitly stated in the CVE, but the references indicate fixes in kernel commits from the January 2026 timeframe.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires cgroup/dmem functionality to be enabled and used.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash or potential privilege escalation to kernel-level code execution.

🟠 Likely Case: Kernel crash causing system instability or denial of service.

🟢 If Mitigated: Limited to local attackers; proper access controls reduce exposure.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers on multi-user systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and knowledge of kernel memory management. No public exploit code is mentioned.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions with commits 99a2ef500906138ba58093b9893972a5c303c734 and d3081353acaa6a638dcf75726066ea556a2de8d5

Vendor Advisory: https://git.kernel.org/stable/c/99a2ef500906138ba58093b9893972a5c303c734

Restart Required: Yes

Instructions:

  1. Update Linux kernel to patched version.
  2. Reboot system to load new kernel.
  3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable cgroup/dmem functionality

Linux

Disable the affected cgroup/dmem subsystem if not required.

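# memory.use_hierarchy is a cgroup v1 memory-controller file; this path exists only where a v1 memory hierarchy is mounted
echo 0 > /sys/fs/cgroup/memory/memory.use_hierarchy
# Remounts the cgroup filesystem read-only, which blocks changes to every controller, not only dmem
mount -o remount,ro /sys/fs/cgroup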

🧯 If You Can't Patch

  • Restrict local user access to minimize attack surface
  • Implement strict privilege separation and limit user capabilities

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with patched versions. Examine if cgroup/dmem is active.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits and system remains stable under cgroup/dmem operations.
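
To examine whether cgroup/dmem is active, as the vulnerability check above asks, the following added example (not from the advisory or the kernel project) reads the cgroup v2 interface files. It assumes the cgroup v2 layout with cgroup.controllers, cgroup.subtree_control and the root-only dmem.capacity file; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report dmem controller exposure.
# Paths follow the cgroup v2 interface; pass /sys/fs/cgroup on a real host.

# True if file $1 (a space-separated controller list) names "dmem".
lists_dmem() {
    [ -r "$1" ] && tr ' ' '\n' < "$1" | grep -qx dmem
}

# Print "controller=<yes|no> delegated=<yes|no> regions=<n>" for cgroup root $1.
dmem_exposure() {
    root=$1
    controller=no; delegated=no; regions=0
    # cgroup.controllers: controllers available in this cgroup.
    if lists_dmem "$root/cgroup.controllers"; then controller=yes; fi
    # cgroup.subtree_control: controllers enabled for child cgroups.
    if lists_dmem "$root/cgroup.subtree_control"; then delegated=yes; fi
    # dmem.capacity (root only): one "<region> <bytes>" line per region
    # that a driver has registered with the controller.
    if [ -r "$root/dmem.capacity" ]; then
        regions=$(grep -c . "$root/dmem.capacity" || true)
    fi
    echo "controller=$controller delegated=$delegated regions=$regions"
}

# Constructed sample tree (not real host data) so the example runs offline.
demo=$(mktemp -d)
printf 'cpu io memory pids dmem\n' > "$demo/cgroup.controllers"
printf 'memory pids\n' > "$demo/cgroup.subtree_control"
printf 'drm/0000:03:00.0/vram0 8514437120\n' > "$demo/dmem.capacity"
dmem_exposure "$demo"
rm -rf "$demo"
```

On a real host, call dmem_exposure /sys/fs/cgroup; controller=no means dmem is not listed at that cgroup root, and regions=0 means no driver has registered a device memory region with the controller.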

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • KASAN reports of use-after-free in cgroup/dmem
  • System crash dumps

Network Indicators:

  • None - local vulnerability only

SIEM Query:

source="kernel" AND ("KASAN" OR "use-after-free" OR "cgroup/dmem")
