CVE-2026-43074
Published: May 6, 2026
Modified: Jun 1, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer the kfree() to an RCU callback to prevent UAF.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected f2451def095c1743adcfcb0cb5dadc86034e162a - < 902120be4f44947df6311002addc7faf69bdbff1affected a1f93804449d13f97dabd4b996817de4bf1ed67a - < a6d57084372161f86660bc4607784420e00efe2caffected 58c9b016e12855286370dfb704c08498edbc857a - < a6566cd33f6f967a7651ebf2ce0dd31572e319cfaffected 58c9b016e12855286370dfb704c08498edbc857a - < 5b1173b165421561db29f30afc7e97d940a398a9affected 58c9b016e12855286370dfb704c08498edbc857a - < 7e8083f5eeedab0f460063b9c2c14c9a4e71a427+2 more versions |
Linux | Linux | affected 6.4unaffected 0 - < 6.4unaffected 6.6.136 - <= 6.6.*unaffected 6.12.83 - <= 6.12.*unaffected 6.18.24 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now