CVE-2026-53166

UNKNOWN 0.0

futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting waiter->task. The subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences the NULL waiter->task, causing a kernel crash. Add a self-deadlock check for non-top waiters before calling rt_mutex_start_proxy_lock(), analogous to the top-waiter check in futex_lock_pi_atomic().

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

3fb7394a837740770f0d6b4b30567e60786a63f2 < 16f8e17184b31382076f84751db5ac51fc02733e 88614876370aac8ad1050ad785a4c095ba17ac11 < 1f2f3f3eacd6653ab215c5d2ea70811148d433fc 3bfdc63936dd4773109b7b8c280c0f3b5ae7d349 < 74e144274af39935b0f410c0ee4d2b91c3730414 d8cce4773c2b23d819baf5abedc62f7b430e8745 8a1fc8d698ac5e5916e3082a0f74450d71f9611f 6d52dfcb2a5db86e346cf51f8fcf2071b8085166 6.1.175 < 6.2 6.6.140 < 6.7 6.12.86 < 6.13

Linux / Linux

6.18.27 < 6.18.36 7.0.4 < 7.0.13

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/16f8e17184b31382076f84751db5ac51fc02733e git.kernel.org: https://git.kernel.org/stable/c/1f2f3f3eacd6653ab215c5d2ea70811148d433fc git.kernel.org: https://git.kernel.org/stable/c/74e144274af39935b0f410c0ee4d2b91c3730414