CVE-2026-53361

Summary

In the Linux kernel, the following vulnerability has been resolved:

af_unix: Set gc_in_progress to true in unix_gc().

Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running:

Thread 1 Thread 2 Thread 3


               unix_schedule_gc()           unix_schedule_gc()
               `- if (!gc_in_progress)      `- if (!gc_in_progress)
                  |- gc_in_progress = true     |
                  `- queue_work()              |

unix_gc() <—————-/ | | |- gc_in_progress = true … - queue_work() | | - gc_in_progress = false | | unix_gc() <———————————————' | … /* gc_in_progress == false */ | `- gc_in_progress = false

unix_peek_fpl() relies on gc_in_progress not to confuse GC by MSG_PEEK.

Let's set gc_in_progress to true in unix_gc().

Affected Software

VendorProductVersion RangeStatus
LinuxLinux328840c93bd6a4871dd10908d01b41eab83eb8e2 < 82c17e13d404f686e164590483fd6c1abaa675d0affected
LinuxLinux8b90a9f819dc2a06baae4ec1a64d875e53b824ec < 591f1ac217428a6d2b32a8ac14aac0fab44f155aaffected
LinuxLinux8b90a9f819dc2a06baae4ec1a64d875e53b824ec < 0cfa78c050662784fc8e3ab26dbfd1dc632b2082affected
LinuxLinux8b90a9f819dc2a06baae4ec1a64d875e53b824ec < d82ba05263c69fa2437fe93e4e561cc40f4c03afaffected
LinuxLinuxceb8bd6c69c1680fd9b45e7f16d7170c9c7513a5affected
LinuxLinux6.6.93 < 6.6.144affected
LinuxLinux6.1.141 < 6.2affected
LinuxLinux6.9affected
LinuxLinux0 < 6.9unaffected
LinuxLinux6.6.144 <= 6.6.*unaffected
LinuxLinux6.12.95 <= 6.12.*unaffected
LinuxLinux6.18.38 <= 6.18.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References