HIGHCVE-2026-43074Published Modified CNA Linux
CVE-2026-43074: eventpoll: defer struct eventpoll free to RCU grace period
In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer the kfree() to an RCU callback to prevent UAF.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
007712db80857d5d09ae08f3df85a708ecfc3b61f5b1173b165421561db29f30afc7e97d940a398a96.6.1366.12.836.18.246.19.147.07e8083f5eeedab0f460063b9c2c14c9a4e71a427a6566cd33f6f967a7651ebf2ce0dd31572e319cfae0bb9c1fb7c2594519aeeb096cf2c3b7837b322
Affected packages
- Linux / Linux< a6566cd33f6f967a7651ebf2ce0dd31572e319cf (from 58c9b016e12855286370dfb704c08498edbc857a) · < 5b1173b165421561db29f30afc7e97d940a398a9 (from 58c9b016e12855286370dfb704c08498edbc857a) · < 7e8083f5eeedab0f460063b9c2c14c9a4e71a427 (from 58c9b016e12855286370dfb704c08498edbc857a) · < ae0bb9c1fb7c2594519aeeb096cf2c3b7837b322 (from 58c9b016e12855286370dfb704c08498edbc857a) · < 07712db80857d5d09ae08f3df85a708ecfc3b61f (from 58c9b016e12855286370dfb704c08498edbc857a)
- Linux / Linux6.4Fixed in 0, 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H