CVE-2026-53327
Received Received - Intake

debugobjects: Prevent RT lock assertion due to pi_blocked_on in fill_pool

Vulnerability report for CVE-2026-53327, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fill_pool() if pi_blocked_on On RT enabled kernels, fill_pool() ends up calling rtlock_lock(), which asserts if current::pi_blocked_on is set, because a task can obviously only block on one lock as otherwise the priority inheritenace chain gets corrupted. Prevent this by expanding the conditional to take current::pi_blocked_on into account.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's debugobjects component. Specifically, the function fill_pool() is called on RT (real-time) enabled kernels and ends up calling rtlock_lock(). If the current task is already blocked on another lock (indicated by current::pi_blocked_on being set), rtlock_lock() asserts because a task can only block on one lock at a time to avoid corruption of the priority inheritance chain. The vulnerability arises because fill_pool() did not check if current::pi_blocked_on was set before proceeding, potentially causing assertion failures and priority inheritance chain corruption.

The fix prevents this issue by expanding the conditional logic in fill_pool() to take current::pi_blocked_on into account, thereby avoiding calling rtlock_lock() when the current task is already blocked on a lock.

Impact Analysis

This vulnerability can lead to assertion failures in the Linux kernel on real-time enabled systems, potentially causing system instability or crashes. Because the priority inheritance chain can become corrupted if a task blocks on multiple locks, this may affect the scheduling and real-time behavior of the system, leading to degraded performance or unexpected behavior in time-sensitive applications.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53327. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart