SB20260529202 - Race condition in Linux kernel tracefs
Published: May 29, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2026-46106)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in eventfs remount handling when walking events during remount operations. A local user can trigger concurrent remount and event creation or removal operations to cause a denial of service.
The issue occurs because the walk over eventfs children is performed without the required eventfs mutex and SRCU protection, which can lead to dereference of reclaimed or poisoned list entries.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/07004a8c4b572171934390148ee48c4175c77eed
- https://git.kernel.org/stable/c/44e64d8a432837308f4dda3ffe819f1ec092a0ba
- https://git.kernel.org/stable/c/52b109f1b875b912d4ab2c5fdd8c322d47119d9b
- https://git.kernel.org/stable/c/ae9cd0b46b1890040006a2fc5e905c5d6053fd02
- https://git.kernel.org/stable/c/ed2ad73bcb0a7a6cc934097d4853b6d5124c317e