SB20260529202 - Race condition in Linux kernel tracefs



SB20260529202 - Race condition in Linux kernel tracefs

Published: May 29, 2026

Security Bulletin ID SB20260529202
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2026-46106)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a race condition in eventfs remount handling when walking events during remount operations. A local user can trigger concurrent remount and event creation or removal operations to cause a denial of service.

The issue occurs because the walk over eventfs children is performed without the required eventfs mutex and SRCU protection, which can lead to dereference of reclaimed or poisoned list entries.


Remediation

Install update from vendor's website.