CVE-2026-23344
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix use-after-free on error path
In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released.
Move the pr_err() call before kfree(t) to access the fields while the memory is still valid.
This issue reported by Smatch static analyser
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4be423572da1f4c11f45168e3fafda870ddac9f8 < 79a26fe3175b9ed7c0c9541b197cb9786237c0f7 | affected |
| Linux | Linux | 4be423572da1f4c11f45168e3fafda870ddac9f8 < 889b0e2721e793eb46cf7d17b965aa3252af3ec8 | affected |
| Linux | Linux | 6.19 | affected |
| Linux | Linux | 0 < 6.19 | unaffected |
| Linux | Linux | 6.19.7 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/79a26fe3175b9ed7c0c9541b197cb9786237c0f7
- https://git.kernel.org/stable/c/889b0e2721e793eb46cf7d17b965aa3252af3ec8
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.