๐Ÿ” CVE Alert

CVE-2026-46259

HIGH 7.8

procfs: fix missing RCU protection when reading real_parent in do_task_stat()

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
7th

In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to: cpu 0 cpu 1 ----- ----- do_task_stat var = task->real_parent release_task call_rcu(delayed_put_task_struct) task_tgid_nr_ns(var) rcu_read_lock <--- Too late to protect task->real_parent! task_pid_ptr <--- UAF! rcu_read_unlock This patch uses task_ppid_nr_ns() instead of task_tgid_nr_ns() to add proper RCU protection for accessing task->real_parent.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jun 3, 2026
Last Updated Jun 5, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new high vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

Linux / Linux
06fffb1267c9d986687b69d74a46ee332a50575e < fefa0fcd78be465b7ad4c497fa6ec90d64194c04 06fffb1267c9d986687b69d74a46ee332a50575e < c93a33f28f915d446eea6fb3f0e1def0b3af1982 06fffb1267c9d986687b69d74a46ee332a50575e < 1c8dc5b5517546c68ffae40b948336122bb61306 06fffb1267c9d986687b69d74a46ee332a50575e < 0e64bd46a04a4fd61279aca9f53a664e9e5f7e7e 06fffb1267c9d986687b69d74a46ee332a50575e < 73ec7c96601d61d52310c659145bb06d933a0fa6 06fffb1267c9d986687b69d74a46ee332a50575e < 4f9ae386861e280b7631ca252f798d25575627ee 06fffb1267c9d986687b69d74a46ee332a50575e < dd8b13cb4ff1a4545a214ed897fdf2bc341155b6 06fffb1267c9d986687b69d74a46ee332a50575e < 76149d53502cf17ef3ae454ff384551236fba867
Linux / Linux
2.6.26

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/fefa0fcd78be465b7ad4c497fa6ec90d64194c04 git.kernel.org: https://git.kernel.org/stable/c/c93a33f28f915d446eea6fb3f0e1def0b3af1982 git.kernel.org: https://git.kernel.org/stable/c/1c8dc5b5517546c68ffae40b948336122bb61306 git.kernel.org: https://git.kernel.org/stable/c/0e64bd46a04a4fd61279aca9f53a664e9e5f7e7e git.kernel.org: https://git.kernel.org/stable/c/73ec7c96601d61d52310c659145bb06d933a0fa6 git.kernel.org: https://git.kernel.org/stable/c/4f9ae386861e280b7631ca252f798d25575627ee git.kernel.org: https://git.kernel.org/stable/c/dd8b13cb4ff1a4545a214ed897fdf2bc341155b6 git.kernel.org: https://git.kernel.org/stable/c/76149d53502cf17ef3ae454ff384551236fba867