5.5

CVE-2026-53274

net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS

In the Linux kernel, the following vulnerability has been resolved:

net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS

A logic flaw in __smc_setsockopt() allows a local unprivileged user to
cause a Denial of Service (DoS) by holding the socket lock indefinitely.

The function __smc_setsockopt() calls copy_from_sockptr() while holding
lock_sock(sk). By passing a userfaultfd-monitored memory page (or
FUSE-backed memory on systems where unprivileged userfaultfd is disabled)
as the optval, an attacker can halt execution during the copy operation,
keeping the lock held.

Combined with asynchronous tear-down operations like shutdown(), this
exhausts the kernel wq (kworkers) and triggers the hung task watchdog.

[  240.123456] INFO: task kworker/u8:2 blocked for more than 120 seconds.
[  240.123489] Call Trace:
[  240.123501]  smc_shutdown+...
[  240.123512]  lock_sock_nested+...

This patch moves the user-space copy outside the lock_sock() critical
section to prevent the issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.18 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.143
LinuxLinux Kernel Version >= 6.7 < 6.12.94
LinuxLinux Kernel Version >= 6.13 < 6.18.36
LinuxLinux Kernel Version >= 6.19 < 7.0.13
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.027
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/35a22117839602bb52283de08894c5a7dde92420
Patch
https://git.kernel.org/stable/c/5d27d2ffe487df89ce28fda0410eafa05dbe03a0
Patch
https://git.kernel.org/stable/c/89f6fbe0033c942cb790ffd53ca93a45eeaf1c91
Patch
https://git.kernel.org/stable/c/dcd90f42a33e4220385f27b515183d0c91b2fc4a
Patch
https://git.kernel.org/stable/c/94d286fa5eedc550d42bcb9c85416af8f77736ff
Patch
https://git.kernel.org/stable/c/a3fdd924d88c30b9f488636ce0e4696012cf5511
Patch