CVE-2026-23344

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix use-after-free on error path

In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released.

Move the pr_err() call before kfree(t) to access the fields while the memory is still valid.

This issue reported by Smatch static analyser

Affected Software

VendorProductVersion RangeStatus
LinuxLinux4be423572da1f4c11f45168e3fafda870ddac9f8 < 79a26fe3175b9ed7c0c9541b197cb9786237c0f7affected
LinuxLinux4be423572da1f4c11f45168e3fafda870ddac9f8 < 889b0e2721e793eb46cf7d17b965aa3252af3ec8affected
LinuxLinux6.19affected
LinuxLinux0 < 6.19unaffected
LinuxLinux6.19.7 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References