CVE-2026-23380

EPSS 0.02%
Veröffentlicht 25.03.2026 10:27:59
Zuletzt bearbeitet 24.04.2026 16:28:47
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

tracing: Fix WARN_ON in tracing_buffers_mmap_close

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix WARN_ON in tracing_buffers_mmap_close

When a process forks, the child process copies the parent's VMAs but the
user_mapped reference count is not incremented. As a result, when both the
parent and child processes exit, tracing_buffers_mmap_close() is called
twice. On the second call, user_mapped is already 0, causing the function to
return -ENODEV and triggering a WARN_ON.

Normally, this isn't an issue as the memory is mapped with VM_DONTCOPY set.
But this is only a hint, and the application can call
madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the
application does that, it can trigger this issue on fork.

Fix it by incrementing the user_mapped reference count without re-mapping
the pages in the VMA's open callback.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 11 VulnDex Vulnerability Enrichment 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 6.10.1 < 6.12.77

Linux ≫ Linux Kernel Version >= 6.13 < 6.18.17

Linux ≫ Linux Kernel Version >= 6.19 < 6.19.7

Linux ≫ Linux Kernel Version6.10 Update-

Linux ≫ Linux Kernel Version7.0 Updaterc1

Linux ≫ Linux Kernel Version7.0 Updaterc2

Linux ≫ Linux Kernel Version7.0 Updaterc3

Linux ≫ Linux Kernel Version7.0 Updaterc4

Linux ≫ Linux Kernel Version7.0 Updaterc5

Linux ≫ Linux Kernel Version7.0 Updaterc6

Linux ≫ Linux Kernel Version7.0 Updaterc7

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://git.kernel.org/stable/c/91f3e8d84c89918769e71393f839c9fefadc2580

Patch

https://git.kernel.org/stable/c/cdd96641b64297a2db42676f051362b76280a58b

Patch

https://git.kernel.org/stable/c/b0f269ba6fefe9e3cb9feedcf78fcd0b633800c0

Patch

https://git.kernel.org/stable/c/e39bb9e02b68942f8e9359d2a3efe7d37ae6be0e

Patch

https://nvd.nist.gov/vuln/detail/CVE-2026-23380

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23380

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23380

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23380