Home

Description

In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer the kfree() to an RCU callback to prevent UAF.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-08 | Assigner Linux




HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status
unaffected

58c9b016e12855286370dfb704c08498edbc857a (git) before a6566cd33f6f967a7651ebf2ce0dd31572e319cf
affected

58c9b016e12855286370dfb704c08498edbc857a (git) before 5b1173b165421561db29f30afc7e97d940a398a9
affected

58c9b016e12855286370dfb704c08498edbc857a (git) before 7e8083f5eeedab0f460063b9c2c14c9a4e71a427
affected

58c9b016e12855286370dfb704c08498edbc857a (git) before ae0bb9c1fb7c2594519aeeb096cf2c3b7837b322
affected

58c9b016e12855286370dfb704c08498edbc857a (git) before 07712db80857d5d09ae08f3df85a708ecfc3b61f
affected

Default status
affected

6.4
affected

Any version before 6.4
unaffected

6.6.136 (semver)
unaffected

6.12.83 (semver)
unaffected

6.18.24 (semver)
unaffected

6.19.14 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/a6566cd33f6f967a7651ebf2ce0dd31572e319cf

git.kernel.org/...c/5b1173b165421561db29f30afc7e97d940a398a9

git.kernel.org/...c/7e8083f5eeedab0f460063b9c2c14c9a4e71a427

git.kernel.org/...c/ae0bb9c1fb7c2594519aeeb096cf2c3b7837b322

git.kernel.org/...c/07712db80857d5d09ae08f3df85a708ecfc3b61f

cve.org (CVE-2026-43074)

nvd.nist.gov (CVE-2026-43074)

Download JSON