CVE-2026-43178 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), so original goto out is now wrong and will double-mmput() mm_struct. Fix by jumping further to clean up only vm_file and name_buf.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-08 | Assigner Linux

HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product status

Default status

unaffected

b9b97e6aeb534315f9646b2090d1a5024c6a4e82 (git) before f9fe092084cd04deea18747f58a2304026e76aaa

affected

cbc03ce3e6ce7e21214c3f02218213574c1a2d08 (git) before 8adaff87db143583e08eec4f4e7788f1ef8af94d

affected

b5cbacd7f86f4f62b8813688c8e73be94e8e1951 (git) before 90f5e87c9b75833b9ef3a4415b92c0247f28ab2f

affected

b5cbacd7f86f4f62b8813688c8e73be94e8e1951 (git) before 61dc9f776705d6db6847c101b98fa4f0e9eb6fa3

affected

Default status

affected

6.19

affected

Any version before 6.19

unaffected

6.12.75 (semver)

unaffected

6.18.16 (semver)

unaffected

6.19.6 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/f9fe092084cd04deea18747f58a2304026e76aaa

git.kernel.org/...c/8adaff87db143583e08eec4f4e7788f1ef8af94d

git.kernel.org/...c/90f5e87c9b75833b9ef3a4415b92c0247f28ab2f

git.kernel.org/...c/61dc9f776705d6db6847c101b98fa4f0e9eb6fa3

cve.org (CVE-2026-43178)

nvd.nist.gov (CVE-2026-43178)

Download JSON

help @ threatint.eu