CVE-2026-46259

Severity: HIGH · CVSS 3.1: 7.8 · EPSS: 2.2%
Published Jun 3, 2026 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix missing RCU protection when reading real_parent in do_task_stat()

When reading /proc/[pid]/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to:

    cpu 0                               cpu 1
    -----                               -----
    do_task_stat
      var = task->real_parent
                                        release_task
                                          call_rcu(delayed_put_task_struct)
      task_tgid_nr_ns(var)
        rcu_read_lock   <--- Too late to protect task->real_parent!
        task_pid_ptr    <--- UAF!
        rcu_read_unlock

This patch uses task_ppid_nr_ns() instead of task_tgid_nr_ns() to add proper RCU protection for accessing task->real_parent.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 2.2% percentile
Exploit & Patch Status: No Known Exploit · Patch Available

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.26 – <5.10.252
linux   linux_kernel  *        ≥5.11 – <5.15.202
linux   linux_kernel  *        ≥5.16 – <6.1.165
linux   linux_kernel  *        ≥6.2 – <6.6.128
linux   linux_kernel  *        ≥6.7 – <6.12.75
linux   linux_kernel  *        ≥6.13 – <6.18.14
linux   linux_kernel  *        ≥6.19 – <6.19.4
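
A triage check against the affected ranges listed above, as an added example (not part of the original advisory or of the kernel project). It assumes upstream version numbering in the `uname -r` string; distribution kernels often backport fixes without changing the upstream version, so a match means "check the vendor advisory", not "confirmed vulnerable". The function names are hypothetical.

```python
import re

# Affected upstream ranges from the table above: (first affected, first fixed).
AFFECTED_RANGES = [
    ("2.6.26", "5.10.252"),
    ("5.11", "5.15.202"),
    ("5.16", "6.1.165"),
    ("6.2", "6.6.128"),
    ("6.7", "6.12.75"),
    ("6.13", "6.18.14"),
    ("6.19", "6.19.4"),
]


def parse_version(release):
    """Extract the leading numeric version from a `uname -r` style string.

    "6.6.127-generic" -> (6, 6, 127); a missing patch level counts as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def affected_range(release):
    """Return the (start, fixed) range that contains `release`, or None."""
    v = parse_version(release)
    for start, fixed in AFFECTED_RANGES:
        # Range is inclusive of the start and exclusive of the fixed release.
        if parse_version(start) <= v < parse_version(fixed):
            return (start, fixed)
    return None


if __name__ == "__main__":
    import platform

    rel = platform.release()
    hit = affected_range(rel)
    if hit:
        print(f"{rel}: inside affected range >={hit[0]} <{hit[1]}; "
              "verify against your vendor's backport status")
    else:
        print(f"{rel}: outside the listed affected ranges")
```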

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0e64bd46a04a4fd61279aca9f53a664e9e5f7e7e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1c8dc5b5517546c68ffae40b948336122bb61306
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4f9ae386861e280b7631ca252f798d25575627ee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73ec7c96601d61d52310c659145bb06d933a0fa6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/76149d53502cf17ef3ae454ff384551236fba867
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c93a33f28f915d446eea6fb3f0e1def0b3af1982
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/dd8b13cb4ff1a4545a214ed897fdf2bc341155b6
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fefa0fcd78be465b7ad4c497fa6ec90d64194c04
    Patch

Remediation

  • The remediation entries are the same eight git.kernel.org stable-tree patch commits listed under References above.