-

CVE-2026-53035

bpf, sockmap: Fix af_unix iter deadlock

In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix af_unix iter deadlock

bpf_iter_unix_seq_show() may deadlock when lock_sock_fast() takes the fast
path and the iter prog attempts to update a sockmap. Which ends up spinning
at sock_map_update_elem()'s bh_lock_sock():

WARNING: possible recursive locking detected
test_progs/1393 is trying to acquire lock:
ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: sock_map_update_elem+0xdb/0x1f0

but task is already holding lock:
ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __lock_sock_fast+0x37/0xe0

other info that might help us debug this:
 Possible unsafe locking scenario:

       CPU0
       ----
  lock(slock-AF_UNIX);
  lock(slock-AF_UNIX);

 *** DEADLOCK ***

 May be due to missing lock nesting notation

4 locks held by test_progs/1393:
 #0: ffff88814b59c790 (&p->lock){+.+.}-{4:4}, at: bpf_seq_read+0x59/0x10d0
 #1: ffff88811ec25fd8 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: bpf_seq_read+0x42c/0x10d0
 #2: ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __lock_sock_fast+0x37/0xe0
 #3: ffffffff85a6a7c0 (rcu_read_lock){....}-{1:3}, at: bpf_iter_run_prog+0x51d/0xb00

Call Trace:
 dump_stack_lvl+0x5d/0x80
 print_deadlock_bug.cold+0xc0/0xce
 __lock_acquire+0x130f/0x2590
 lock_acquire+0x14e/0x2b0
 _raw_spin_lock+0x30/0x40
 sock_map_update_elem+0xdb/0x1f0
 bpf_prog_2d0075e5d9b721cd_dump_unix+0x55/0x4f4
 bpf_iter_run_prog+0x5b9/0xb00
 bpf_iter_unix_seq_show+0x1f7/0x2e0
 bpf_seq_read+0x42c/0x10d0
 vfs_read+0x171/0xb20
 ksys_read+0xff/0x200
 do_syscall_64+0x6b/0x3a0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version 2c860a43dd77f969bb959336a2f743d7103a8f63
Version < bd3592129f24243713673a07225cf1f15a9bb835
Status affected
Version 2c860a43dd77f969bb959336a2f743d7103a8f63
Version < 3cef33b9813b78f227942572fb317afcd5c9ac94
Status affected
Version 2c860a43dd77f969bb959336a2f743d7103a8f63
Version < 87828b380956d4986f59f2c086e0b09b3e6cdaae
Status affected
Version 2c860a43dd77f969bb959336a2f743d7103a8f63
Version < 527057ebe8076dfbcaef51195ff1b7508646be2c
Status affected
Version 2c860a43dd77f969bb959336a2f743d7103a8f63
Version < 66d9fab4565eafe1afe7ba0581f79b76073b60fa
Status affected
Version 2c860a43dd77f969bb959336a2f743d7103a8f63
Version < 4d328dd695383224aa750ddee6b4ad40c0f8d205
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.15
Status affected
Version 0
Version < 5.15
Status unaffected
Version <= 6.1.*
Version 6.1.175
Status unaffected
Version <= 6.6.*
Version 6.6.141
Status unaffected
Version <= 6.12.*
Version 6.12.91
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.069
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/bd3592129f24243713673a07225cf1f15a9bb835
https://git.kernel.org/stable/c/3cef33b9813b78f227942572fb317afcd5c9ac94
https://git.kernel.org/stable/c/87828b380956d4986f59f2c086e0b09b3e6cdaae
https://git.kernel.org/stable/c/527057ebe8076dfbcaef51195ff1b7508646be2c
https://git.kernel.org/stable/c/66d9fab4565eafe1afe7ba0581f79b76073b60fa
https://git.kernel.org/stable/c/4d328dd695383224aa750ddee6b4ad40c0f8d205