CVE-2026-23344

ADVISORY - nist

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix use-after-free on error path

In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released.

Move the pr_err() call before kfree(t) to access the fields while the memory is still valid.

This issue reported by Smatch static analyser

EPSS Score: 0.0012 (0.022)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Use After Free

ADVISORY - redhat

Expired Pointer Dereference


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in