cve-2026-23319

CVE-2026-23319 is a Linux kernel vulnerability in the BPF trampoline path where a use-after-free race condition can occur between bpf_trampoline_link_cgroup_shim and delayed cleanup in bpf_shim_tramp_link_release. The fix introduces an atomic non-zero refcount check to prevent reuse of a link object that has already reached zero. This bug was reproducible with a deliberate delay in teardown and is resolved by the atomic refcount guard. The tag covers discussions about the vulnerability details, the race condition, and the kernel patch that addresses it.