NULL pointer dereference in Linux kernel - CVE-2026-53163
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in remove_waiter() in the rtmutex futex proxy locking path when handling FUTEX_CMP_REQUEUE_PI operations during deadlock detection or proxy lock acquisition. A local user can invoke crafted futex operations to cause a denial of service.