CVE-2026-23380

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tracing: Fix WARN_ON in tracing_buffers_mmap_close<br /> <br /> When a process forks, the child process copies the parent&amp;#39;s VMAs but the<br /> user_mapped reference count is not incremented. As a result, when both the<br /> parent and child processes exit, tracing_buffers_mmap_close() is called<br /> twice. On the second call, user_mapped is already 0, causing the function to<br /> return -ENODEV and triggering a WARN_ON.<br /> <br /> Normally, this isn&amp;#39;t an issue as the memory is mapped with VM_DONTCOPY set.<br /> But this is only a hint, and the application can call<br /> madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the<br /> application does that, it can trigger this issue on fork.<br /> <br /> Fix it by incrementing the user_mapped reference count without re-mapping<br /> the pages in the VMA&amp;#39;s open callback.