CVE-2026-23226

ksmbd: add chann_lock to protect ksmbd_chann_list xarray

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in
multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds rw_semaphore chann_lock to struct ksmbd_session and protects
all xa_load/xa_store/xa_erase accesses.

*Credits: N/A

CVSS Scores

kernel.orgv3.1 8.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-02-18 CVE Published
2026-03-22 EPSS Updated
2026-04-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/1d9c4172110e645b383ff13eee759728d74f1a5d	Vuln. Introduced
https://git.kernel.org/stable/c/b1caecbf34b8c8260d851ec4efde71f3694460b7	Vuln. Introduced
https://git.kernel.org/stable/c/91bbf9cb2387a0d76322e9a343bc6bc160f66b3f	Vuln. Introduced
https://git.kernel.org/stable/c/853c416710b075153c1e1421e099ffbe5dac68ce	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/4c2ca31608521895dd742a43beca4b4d29762345	2026-03-13
https://git.kernel.org/stable/c/e4a8a96a93d08570e0405cfd989a8a07e5b6ff33	2026-02-16
https://git.kernel.org/stable/c/36ef605c0395b94b826a8c8d6f2697071173de6e	2026-02-16
https://git.kernel.org/stable/c/4f3a06cc57976cafa8c6f716646be6c79a99e485	2026-02-09

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.12.77 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.12.77"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.18.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.18.11"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 6.19.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 6.19.1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.3 < 7.0-rc1 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.3 < 7.0-rc1"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15.145 Search vendor "Linux" for product "Linux Kernel" and version "5.15.145"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.1.29 Search vendor "Linux" for product "Linux Kernel" and version "6.1.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				6.2.16 Search vendor "Linux" for product "Linux Kernel" and version "6.2.16"		en		Affected