NULL pointer dereference in Linux kernel - CVE-2026-53166
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in remove_waiter() in the futex requeue logic when handling FUTEX_CMP_REQUEUE_PI operations that requeue a non-top waiter which already owns the target PI futex. A local user can trigger a self-deadlock condition to cause a denial of service.