CVE-2026-23415
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
02/04/2026
Última modificación:
03/04/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()<br />
<br />
During futex_key_to_node_opt() execution, vma->vm_policy is read under<br />
speculative mmap lock and RCU. Concurrently, mbind() may call<br />
vma_replace_policy() which frees the old mempolicy immediately via<br />
kmem_cache_free().<br />
<br />
This creates a race where __futex_key_to_node() dereferences a freed<br />
mempolicy pointer, causing a use-after-free read of mpol->mode.<br />
<br />
[ 151.412631] BUG: KASAN: slab-use-after-free in __futex_key_to_node (kernel/futex/core.c:349)<br />
[ 151.414046] Read of size 2 at addr ffff888001c49634 by task e/87<br />
<br />
[ 151.415969] Call Trace:<br />
<br />
[ 151.416732] __asan_load2 (mm/kasan/generic.c:271)<br />
[ 151.416777] __futex_key_to_node (kernel/futex/core.c:349)<br />
[ 151.416822] get_futex_key (kernel/futex/core.c:374 kernel/futex/core.c:386 kernel/futex/core.c:593)<br />
<br />
Fix by adding rcu to __mpol_put().