CVE-2026-52936
Analyzed Analyzed - Analysis Complete

Jitterentropy Spinlock Replacement in Linux Kernel

Vulnerability report for CVE-2026-52936, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock across the jent_read_entropy() call. That path performs expensive jitter collection and SHA3 conditioning, so parallel readers can trigger stalls as contending waiters spin for the same lock. To prevent non-preemptible lock hold, replace rng->jent_lock with a mutex so contended readers sleep instead of spinning on a shared lock held across expensive entropy generation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-07-08
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.91 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.33 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.10 (exc)
linux linux_kernel From 4.2 (inc) to 6.6.141 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's jitterentropy random number generator. The function jent_kcapi_random() serializes access to the shared jitterentropy state by holding a spinlock during the jent_read_entropy() call. Since this call involves expensive operations like jitter collection and SHA3 conditioning, holding a spinlock causes parallel readers to spin and wait, leading to stalls.

The fix replaces the long-held spinlock with a mutex, so that contended readers sleep instead of spinning. This prevents the non-preemptible lock hold and reduces contention and stalls during entropy generation.

Impact Analysis

This vulnerability can cause performance degradation in systems using the Linux kernel's jitterentropy random number generator. Because parallel readers spin while waiting for the spinlock to be released during expensive entropy generation, it can lead to CPU stalls and reduced system responsiveness.

By replacing the spinlock with a mutex, the fix reduces CPU spinning and improves concurrency, preventing potential system slowdowns caused by contention on the entropy generation lock.

Mitigation Strategies

This vulnerability in the Linux kernel involves a spinlock being held for a long time during entropy generation, which can cause stalls. The fix replaces the spinlock with a mutex to avoid non-preemptible lock holds.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version where this issue is resolved, as the fix involves kernel code changes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52936. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart