CVE-2026-23158

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> gpio: virtuser: fix UAF in configfs release path<br /> <br /> The gpio-virtuser configfs release path uses guard(mutex) to protect<br /> the device structure. However, the device is freed before the guard<br /> cleanup runs, causing mutex_unlock() to operate on freed memory.<br /> <br /> Specifically, gpio_virtuser_device_config_group_release() destroys<br /> the mutex and frees the device while still inside the guard(mutex)<br /> scope. When the function returns, the guard cleanup invokes<br /> mutex_unlock(&amp;dev-&gt;lock), resulting in a slab use-after-free.<br /> <br /> Limit the mutex lifetime by using a scoped_guard() only around the<br /> activation check, so that the lock is released before mutex_destroy()<br /> and kfree() are called.