CVE-2026-23344 PUBLISHED

crypto: ccp - Fix use-after-free on error path

Assigner: Linux
Reserved: 13.01.2026 Published: 25.03.2026 Updated: 25.03.2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: ccp - Fix use-after-free on error path

In the error path of sev_tsm_init_locked(), the code dereferences 't' after it has been freed with kfree(). The pr_err() statement attempts to access t->tio_en and t->tio_init_done after the memory has been released.

Move the pr_err() call before kfree(t) to access the fields while the memory is still valid.

This issue reported by Smatch static analyser

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 4be423572da1f4c11f45168e3fafda870ddac9f8 to 79a26fe3175b9ed7c0c9541b197cb9786237c0f7 (excl.) affected from 4be423572da1f4c11f45168e3fafda870ddac9f8 to 889b0e2721e793eb46cf7d17b965aa3252af3ec8 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 6.19.7 to 6.19.* (incl.) unaffected from 7.0-rc3 to * (incl.)

CVE-2026-23344 PUBLISHED

crypto: ccp - Fix use-after-free on error path

Product Status

References