Race condition in Linux kernel - CVE-2026-46106
Published: May 29, 2026
Vulnerability identifier: #VU133090
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-46106
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in eventfs remount handling when walking events during remount operations. A local user can trigger concurrent remount and event creation or removal operations to cause a denial of service.
The issue occurs because the walk over eventfs children is performed without the required eventfs mutex and SRCU protection, which can lead to dereference of reclaimed or poisoned list entries.
How to mitigate CVE-2026-46106
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/07004a8c4b572171934390148ee48c4175c77eed
- https://git.kernel.org/stable/c/44e64d8a432837308f4dda3ffe819f1ec092a0ba
- https://git.kernel.org/stable/c/52b109f1b875b912d4ab2c5fdd8c322d47119d9b
- https://git.kernel.org/stable/c/ae9cd0b46b1890040006a2fc5e905c5d6053fd02
- https://git.kernel.org/stable/c/ed2ad73bcb0a7a6cc934097d4853b6d5124c317e