CVE-2026-23158

Description

In the Linux kernel, the following vulnerability has been resolved:

gpio: virtuser: fix UAF in configfs release path

The gpio-virtuser configfs release path uses guard(mutex) to protect the device structure. However, the device is freed before the guard cleanup runs, causing mutex_unlock() to operate on freed memory.

Specifically, gpio_virtuser_device_config_group_release() destroys the mutex and frees the device while still inside the guard(mutex) scope. When the function returns, the guard cleanup invokes mutex_unlock(&dev->lock), resulting in a slab use-after-free.

Limit the mutex lifetime by using a scoped_guard() only around the activation check, so that the lock is released before mutex_destroy() and kfree() are called.
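The ordering problem described above, modeled in userspace C with the compiler's cleanup attribute, which is the mechanism the kernel's guard() is built on. This is an added example, not the kernel patch: `struct vdev`, `GUARD` and the helper names are hypothetical, and the free is simulated with a flag so the program itself stays memory-safe.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed stand-in for the device; "alive" models the allocation. */
struct vdev { bool alive, locked, active; };
static int unlocks_after_free;  /* unlock calls that touched a freed object */

static void vdev_lock(struct vdev *d) { d->locked = true; }
static void vdev_unlock(struct vdev *d)
{
    if (!d->alive) { unlocks_after_free++; return; }  /* kernel: slab UAF */
    d->locked = false;
}
/* Stands in for mutex_destroy() followed by kfree(). */
static void vdev_free(struct vdev *d) { d->alive = false; }
/* Like guard(mutex): lock now, unlock when the variable leaves scope. */
static void guard_exit(struct vdev **g) { vdev_unlock(*g); }
#define GUARD(d) struct vdev *guard_ \
    __attribute__((cleanup(guard_exit), unused)) = (vdev_lock(d), (d))

/* Before: the guard covers the whole function, so cleanup runs after free. */
static void release_buggy(struct vdev *d)
{
    GUARD(d);
    if (d->active) d->active = false;   /* the activation check */
    vdev_free(d);
}   /* guard_exit() runs here, on an object that is already gone */

/* After: the guard is confined to the activation check. */
static void release_fixed(struct vdev *d)
{
    {
        GUARD(d);
        if (d->active) d->active = false;
    }   /* guard_exit() runs here, while the object is still valid */
    vdev_free(d);
}

/* Run one release variant on a fresh object and count unlocks after free. */
static int bad_unlocks(void (*release)(struct vdev *))
{
    struct vdev d = { .alive = true, .active = true };
    unlocks_after_free = 0;
    release(&d);
    return unlocks_after_free;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", bad_unlocks(release_buggy), bad_unlocks(release_fixed));
    return 0;
}
```

When reviewing other release paths, the same check applies: any function-wide guard on a lock embedded in the object that the function frees has this shape.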

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.015

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234