CVE-2026-43074

Summary

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: defer struct eventpoll free to RCU grace period

In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer the kfree() to an RCU callback to prevent UAF.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf2451def095c1743adcfcb0cb5dadc86034e162a < 902120be4f44947df6311002addc7faf69bdbff1affected
LinuxLinuxa1f93804449d13f97dabd4b996817de4bf1ed67a < a6d57084372161f86660bc4607784420e00efe2caffected
LinuxLinux58c9b016e12855286370dfb704c08498edbc857a < a6566cd33f6f967a7651ebf2ce0dd31572e319cfaffected
LinuxLinux58c9b016e12855286370dfb704c08498edbc857a < 5b1173b165421561db29f30afc7e97d940a398a9affected
LinuxLinux58c9b016e12855286370dfb704c08498edbc857a < 7e8083f5eeedab0f460063b9c2c14c9a4e71a427affected
LinuxLinux58c9b016e12855286370dfb704c08498edbc857a < ae0bb9c1fb7c2594519aeeb096cf2c3b7837b322affected
LinuxLinux58c9b016e12855286370dfb704c08498edbc857a < 07712db80857d5d09ae08f3df85a708ecfc3b61faffected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.136 <= 6.6.*unaffected
LinuxLinux6.12.83 <= 6.12.*unaffected
LinuxLinux6.18.24 <= 6.18.*unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References