## https://sploitus.com/exploit?id=D628ABF1-C07B-5F3A-88CB-25B6B8ABA851

# CVE-2026-23415 PoC
Proof of concept for **CVE-2026-23415**, a use-after-free vulnerability in the Linux kernel futex subsystem.
## About the vulnerability
A race condition exists between `futex_key_to_node_opt()` and `vma_replace_policy()`.
While the futex code reads a virtual memory area's NUMA memory policy, another thread can replace and free that policy through `mbind()`. The kernel may then dereference the freed policy pointer, resulting in a use-after-free read.
## Usage
Run the proof of concept:
```bash
bash poc-cve-2026-23415.sh
```
No compilation or additional setup is required.
## Disclaimer
This project is provided for educational, research, and authorized security-testing purposes only.
Run it only on systems you own or have explicit permission to test. The script may cause instability or crash a vulnerable system. Using this project against systems without authorization may be illegal.
## References
* CVE-2026-23415
* Linux kernel futex subsystem
* Linux kernel security advisories