CVE-2026-52936
Received - Intake
Jitterentropy Spinlock Replacement in Linux Kernel

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: jitterentropy - replace long-held spinlock with mutex

jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock across the jent_read_entropy() call. That path performs expensive jitter collection and SHA3 conditioning, so parallel readers can trigger stalls as contending waiters spin for the same lock.

To prevent non-preemptible lock hold, replace rng->jent_lock with a mutex so contended readers sleep instead of spinning on a shared lock held across expensive entropy generation.

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | *
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's jitterentropy random number generator. The function jent_kcapi_random() serializes access to the shared jitterentropy state by holding a spinlock during the jent_read_entropy() call. Since this call involves expensive operations like jitter collection and SHA3 conditioning, holding a spinlock causes parallel readers to spin and wait, leading to stalls.

The fix replaces the long-held spinlock with a mutex, so that contended readers sleep instead of spinning. This prevents the non-preemptible lock hold and reduces contention and stalls during entropy generation.

Impact Analysis

This vulnerability can cause performance degradation in systems using the Linux kernel's jitterentropy random number generator. Parallel readers spin while waiting for the spinlock to be released during expensive entropy generation, which can lead to CPU stalls and reduced system responsiveness.

By replacing the spinlock with a mutex, the fix reduces CPU spinning and improves concurrency, preventing potential system slowdowns caused by contention on the entropy generation lock.

Mitigation Strategies

This vulnerability in the Linux kernel involves a spinlock being held for a long time during entropy generation, which can cause stalls. The fix replaces the spinlock with a mutex to avoid non-preemptible lock holds.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version where this issue is resolved, as the fix involves kernel code changes.
