Cyber Resilience

CVE-2026-23432

High

Published: 03 April 2026

Published: 03 April 2026
Modified: 27 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.5th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23432 is a high-severity Use After Free (CWE-416) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 5.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-23432 is a use-after-free vulnerability in the Linux kernel's mshv component, specifically in the error path of the mshv_map_user_memory() function. When an error occurs during memory mapping, the code calls vfree() directly on the allocated region without unregistering the associated MMU notifier. This leaves the notifier registered, allowing subsequent userspace unmapping to trigger the notifier, which then accesses the already-freed memory region. The issue is classified under CWE-416 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A local attacker with low privileges can exploit this vulnerability by triggering the error path in mshv_map_user_memory(), such as through operations involving user memory mapping in a Microsoft Hyper-V guest environment on Linux. Successful exploitation leads to a use-after-free condition, potentially resulting in kernel panic or more severe impacts like arbitrary code execution, data corruption, or denial of service, given the high confidentiality, integrity, and availability impacts indicated by the CVSS score.

The provided kernel patch references detail the mitigation: replace the direct vfree() call with mshv_partition_put() to properly unregister the MMU notifier before freeing the region. Security practitioners should apply the stable kernel commits at https://git.kernel.org/stable/c/34861bdc0c0196b6c2dd48f7454029407704ff6e and https://git.kernel.org/stable/c/6922db250422a0dfee34de322f86b7a73d713d33 to affected Linux kernel versions supporting the mshv driver.
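
The lifetime error and its fix, reduced to a userspace model (an added example, not the kernel patch or the mshv driver's code; every function and struct name in it is hypothetical). It tracks whether a notifier is still registered against a region that the error path has already released, without touching freed memory:

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdbool.h>
#include <stdio.h>

#define MAX_REGIONS 4
struct region { bool live; bool notifier_registered; };
static struct region pool[MAX_REGIONS]; /* stands in for allocated regions */

/* Map path before the failing step: allocate a region, register notifier. */
static int region_create(void) {
    for (int i = 0; i < MAX_REGIONS; i++)
        if (!pool[i].live && !pool[i].notifier_registered) {
            pool[i].live = pool[i].notifier_registered = true;
            return i;
        }
    return -1;
}

/* Buggy cleanup: models a bare free; the notifier stays registered. */
static void cleanup_free_only(int i) { pool[i].live = false; }

/* Fixed cleanup: models a put helper that unregisters, then frees. */
static void cleanup_put(int i) {
    pool[i].notifier_registered = false;
    pool[i].live = false;
}

/* Later unmap: each registered notifier fires. Count callbacks that would
 * touch a region that is no longer live (the use-after-free condition). */
static int stale_callbacks_on_unmap(void) {
    int stale = 0;
    for (int i = 0; i < MAX_REGIONS; i++)
        stale += pool[i].notifier_registered && !pool[i].live;
    return stale;
}

/* Run the error path with the chosen cleanup, then simulate the unmap. */
int run_error_path(bool use_put) {
    for (int i = 0; i < MAX_REGIONS; i++) pool[i] = (struct region){0};
    int i = region_create();
    if (i < 0) return -1;
    if (use_put) cleanup_put(i); else cleanup_free_only(i);
    return stale_callbacks_on_unmap();
}

int main(void) {
    printf("free only: %d stale callback(s)\n", run_error_path(false));
    printf("put:       %d stale callback(s)\n", run_error_path(true));
    return 0;
}
```

The same invariant is what to look for when reviewing other error paths: any object that has been handed to a callback registry must be unregistered before its memory is released.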


Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

mshv: Fix use-after-free in mshv_map_user_memory error path

In the error path of mshv_map_user_memory(), calling vfree() directly on the region leaves the MMU notifier registered. When userspace later unmaps the memory, the notifier fires and accesses the freed region, causing a use-after-free and potential kernel panic.

Replace vfree() with mshv_partition_put() to properly unregister the MMU notifier before freeing the region.


Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel use-after-free in mshv enables direct exploitation for privilege escalation to arbitrary code execution or DoS in the Linux kernel.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-23111 - Same product: Linux Linux Kernel
CVE-2026-31530 - Same product: Linux Linux Kernel
CVE-2026-43019 - Same product: Linux Linux Kernel
CVE-2026-23158 - Same product: Linux Linux Kernel
CVE-2025-21893 - Same product: Linux Linux Kernel
CVE-2026-31446 - Same product: Linux Linux Kernel
CVE-2026-31650 - Same product: Linux Linux Kernel
CVE-2026-23001 - Same product: Linux Linux Kernel
CVE-2024-50051 - Same product: Linux Linux Kernel
CVE-2025-21759 - Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
6.19, 7.0 · 6.19.1 — 6.19.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates timely flaw remediation by applying kernel patches that fix the use-after-free in mshv_map_user_memory error path.

prevent

Implements memory protections such as ASLR and guard pages that hinder exploitation of the use-after-free vulnerability in the kernel's mshv component.

prevent

Requires secure error handling to prevent improper cleanup in error paths like mshv_map_user_memory that leads to notifier access of freed memory.

References