CVE-2026-23224

N/A Unknown

📋 TL;DR

This CVE describes a use-after-free vulnerability in the Linux kernel's EROFS filesystem when using file-backed mounts with the directio option. The race condition can lead to kernel panic or potential privilege escalation. Systems using EROFS with direct I/O enabled are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific kernel versions with vulnerable EROFS implementation (check git commits for exact ranges)
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when EROFS is mounted with file-backed option AND directio mount option enabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash, or potential privilege escalation to kernel-level code execution.

🟠 Likely Case: System instability, kernel panic, or denial of service causing system crashes.

🟢 If Mitigated: Limited impact if EROFS with directio is not used, or if systems are patched.

🌐 Internet-Facing: LOW - This requires local filesystem access and specific EROFS configuration.
🏢 Internal Only: MEDIUM - Internal systems using EROFS with directio could experience crashes or potential privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - Requires specific race condition timing and EROFS configuration.

Exploitation requires local access and specific EROFS mount configuration.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: ae385826840a3c8e09bf38cac90adcd690716f57, b2ee5e4d5446babd23ff7beb4e636be0fb3ea5aa, d741534302f71c511eb0bb670b92eaa7df4a0aec

Vendor Advisory: https://git.kernel.org/stable/c/

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a patched version.
2. Reboot the system to load the new kernel.
3. Verify the kernel version after reboot.

🔧 Temporary Workarounds

Disable EROFS directio mount option

Avoid using the directio option when mounting EROFS filesystems:

mount -t erofs /dev/device /mount/point (without -o directio)

Avoid EROFS file-backed mounts

Use alternative filesystems or avoid file-backed EROFS mounts.

🧯 If You Can't Patch

  • Disable EROFS usage or avoid directio mount option
  • Implement strict access controls to limit who can mount filesystems

🔍 How to Verify

Check if Vulnerable:

Check the kernel version and whether EROFS is mounted with directio: 'mount | grep erofs' and 'cat /proc/mounts | grep erofs'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version after update: 'uname -r' and verify it includes the fix commits
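The grep above lists every EROFS mount; the following POSIX shell function, added here as an example and not part of the advisory, goes one step further and flags only the configuration the advisory describes (a file-backed EROFS mount carrying the directio option). It reads /proc/mounts by default or a file passed as its first argument, and the sample mount table is constructed; treating a non-/dev/ source as "file-backed" is a heuristic.

```shell
#!/bin/sh
# Added example: find EROFS mounts and flag those that combine a file-backed
# source with the "directio" option. Not part of the advisory.

# Print one line per EROFS mount:
#   <mountpoint> <source> <blockdev|file-backed> <options> <ok|DIRECTIO|FILE_BACKED_DIRECTIO>
# Reads /proc/mounts unless a mount-table file is given as $1.
erofs_directio_check() {
    mounts_file="${1:-/proc/mounts}"
    awk '$3 == "erofs" {
        # Heuristic: a source outside /dev/ is treated as a file-backed mount
        kind = ($1 ~ /^\/dev\//) ? "blockdev" : "file-backed"
        dio = 0
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++) if (opts[i] == "directio") dio = 1
        flag = "ok"
        if (dio) flag = (kind == "file-backed") ? "FILE_BACKED_DIRECTIO" : "DIRECTIO"
        print $2, $1, kind, $4, flag
    }' "$mounts_file"
}

# Return 0 (true) when at least one file-backed EROFS mount uses directio
erofs_affected_config() {
    erofs_directio_check "$1" | grep -q ' FILE_BACKED_DIRECTIO$'
}

# Constructed /proc/mounts sample (not from a real system); prints its path
write_sample_mounts() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
/srv/images/app.erofs /mnt/app erofs ro,relatime,directio 0 0
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /mnt/loop erofs ro,relatime,directio 0 0
/srv/images/data.erofs /mnt/data erofs ro,relatime 0 0
EOF
    printf '%s\n' "$f"
}

# Demo on the constructed sample; call erofs_directio_check with no
# argument to inspect the live /proc/mounts instead.
sample=$(write_sample_mounts)
erofs_directio_check "$sample"
rm -f "$sample"
```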

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs mentioning erofs_fileio_rq_submit, ext4_file_read_iter, or UAF errors
  • System crash dumps with EROFS call traces

Network Indicators:

  • None - this is a local filesystem vulnerability

SIEM Query:

source="kernel" AND ("erofs" OR "UAF" OR "use-after-free") AND ("panic" OR "crash")
