Main Vulnerability Database SB20260325143

SB20260325143 - Memory corruption in Linux kernel events

Published: March 25, 2026

Security Bulletin ID SB20260325143

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory corruption (CVE-ID: CVE-2026-23311)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper locking mechanism in the perf/core subsystem when handling event scheduling. A local user can trigger a pinned event failure that leads to invalid wait context handling, resulting in a kernel bug and system crash.

Exploitation does not require elevated privileges but operates within the context of the perf event subsystem.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/486ff5ad49bc50315bcaf6d45f04a33ef0a45ced
https://git.kernel.org/stable/c/825f218ca70ef394c2b8546b313711d867b24584
https://git.kernel.org/stable/c/c67ab059953e3b66cb17ddd6524c23f9e1f6526d