CVE-2026-43178
Double mmput in Linux Kernel procfs
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's procfs subsystem, specifically in the function do_procmap_query(). When a user provides an incorrectly sized buffer for the build ID during a PROCMAP_QUERY, the system returns an -ENAMETOOLONG error. However, due to recent changes, this error occurs after unlocking certain locks and performing a memory management put operation (mmput()). The original error handling code then mistakenly performs a second mmput() on the same memory structure, causing a double mmput() issue. The fix involves adjusting the error handling to clean up only specific resources to avoid this double mmput().
How can this vulnerability impact me? :
The vulnerability can lead to a double mmput() call on a memory management structure, which may cause memory corruption or instability in the Linux kernel. This could potentially result in system crashes or unpredictable behavior, impacting system reliability and security.