SB20260625241 - Improper locking in Linux kernel fs
Published: June 25, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper locking (CVE-ID: CVE-2026-52946)
CWE-ID: CWE-667 - Improper Locking
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper locking in fs/fcntl.c when handling TCP urgent data signaling for a process group. A remote attacker can send specially crafted TCP URG packets to cause a denial of service.
The issue occurs when FASYNC is configured for a process group.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1bee417678f1135e35b25a37734db46aa94258d2
- https://git.kernel.org/stable/c/20a93e397abe850c49b6fa0e8cc827b5f634a8f5
- https://git.kernel.org/stable/c/32dbd5ce4be3a3ed7e00f8af18795cc84fc50a33
- https://git.kernel.org/stable/c/36c1b57b2ecf3c61ac93f5f07bd29b6f21e226ed
- https://git.kernel.org/stable/c/54626335ea4174ab2d9a183b511d825f6765e47b
- https://git.kernel.org/stable/c/897d6a7247739fb1528f98c575df4f2e5de7f994
- https://git.kernel.org/stable/c/b5fa9e32fb6718f70c986ee14dd5d01b4846f331
- https://git.kernel.org/stable/c/bfcc8e8d8a495bb34cae9e620adfb75fb13a3954