What is CVE-2026-23427?

CVE-2026-23427 is a critical-severity vulnerability in Linux. CVSS score: 9.8/10. Published 2026-04-03.

How severe is CVE-2026-23427?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Linux

CVE-2026-23427

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection…

EPSS: 0.000 (11.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Linux — versions 7.0, 8df4bcdb0a4232192b2445256c39b787d58ef14d, 6.18.20

References

git.kernel.org/stable/c/b0158d9d6f4ec5941e49a0b812735db2844f9975
git.kernel.org/stable/c/568a25fd7bcdfb2790f7d42aa2a440dca4435c96
git.kernel.org/stable/c/a5828c14a9e3d5eeed0bcc0a58f0f3fbca0cdcb2
git.kernel.org/stable/c/9b0792c3eacf01e67f356d6ef9707b0ae5022419
git.kernel.org/stable/c/b425e4d0eb321a1116ddbf39636333181675d8f4

Frequently asked questions

What is CVE-2026-23427?: CVE-2026-23427 is a critical-severity vulnerability in Linux. CVSS score: 9.8/10. Published 2026-04-03.
How severe is CVE-2026-23427?: Critical severity. CVSS v3 base score is 9.8 out of 10.