CVE-2026-43178
Published: May 6, 2026
Modified: May 23, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), so original goto out is now wrong and will double-mmput() mm_struct. Fix by jumping further to clean up only vm_file and name_buf.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected b9b97e6aeb534315f9646b2090d1a5024c6a4e82 - < f9fe092084cd04deea18747f58a2304026e76aaaaffected cbc03ce3e6ce7e21214c3f02218213574c1a2d08 - < 8adaff87db143583e08eec4f4e7788f1ef8af94daffected b5cbacd7f86f4f62b8813688c8e73be94e8e1951 - < 90f5e87c9b75833b9ef3a4415b92c0247f28ab2faffected b5cbacd7f86f4f62b8813688c8e73be94e8e1951 - < 61dc9f776705d6db6847c101b98fa4f0e9eb6fa3affected 6.12.70 - < 6.12.75+1 more versions |
Linux | Linux | affected 6.19unaffected 0 - < 6.19unaffected 6.12.75 - <= 6.12.*unaffected 6.18.16 - <= 6.18.*unaffected 6.19.6 - <= 6.19.*+1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now