CVE-2026-23271
Published: Mar 20, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled. This opens up a race vs perf_event_exit_event() and friends that will go and free various things the overflow path expects to be present, like the BPF program.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 592903cdcbf606a838056bae6d03fc557806c914 - < 4df1a45819e50993cb351682a6ae8e7ed2d233a0affected 592903cdcbf606a838056bae6d03fc557806c914 - < 4f8d5812337871227bb2c98669a87c306a2f86efaffected 592903cdcbf606a838056bae6d03fc557806c914 - < 5c48fdc4b4623533d86e279f51531a7ba212eb87affected 592903cdcbf606a838056bae6d03fc557806c914 - < 3f89b61dd504c5b6711de9759e053b082f9abf12affected 592903cdcbf606a838056bae6d03fc557806c914 - < bb190628fe5f2a73ba762a9972ba16c5e895f73e+1 more versions |
Linux | Linux | affected 2.6.31unaffected 0 - < 2.6.31unaffected 6.1.167 - <= 6.1.*unaffected 6.6.130 - <= 6.6.*unaffected 6.12.77 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now