CVE-2026-23271
Description
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled.
This opens up a race vs perf_event_exit_event() and friends that will go and free various things the overflow path expects to be present, like the BPF program.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A race condition in the Linux kernel's perf subsystem allows a use-after-free when software events trigger overflow with only preemption disabled.
Vulnerability
A race condition exists in the Linux kernel's perf subsystem between __perf_event_overflow() and perf_remove_from_context(). The overflow handler can be invoked with only run with preemption disabled for software events, rather than with IRQs fully disabled. This opens a window where perf_event_exit_event() and related functions can free resources (such as BPF programs) that the overflow path expects to still be valid [1].
Exploitation
An attacker with local access and the ability to set up software performance monitoring events can trigger the race. The attack requires precise timing to hit the window where the overflow handler executes concurrently with event teardown. No special privileges beyond those needed to use perf events are required [1].
Impact
Successful exploitation leads to a use-after-free condition, where the kernel accesses freed memory. This can result in a denial of service (system crash) or potentially privilege escalation if the freed memory is reallocated with attacker-controlled data [1].
Mitigation
The fix has been applied to the Linux kernel stable tree. Users should update to a kernel version containing the commit that ensures __perf_event_overflow() always runs with IRQs disabled [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12nvd
- git.kernel.org/stable/c/4df1a45819e50993cb351682a6ae8e7ed2d233a0nvd
- git.kernel.org/stable/c/4f8d5812337871227bb2c98669a87c306a2f86efnvd
- git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87nvd
- git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73envd
- git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0aenvd
News mentions
0No linked articles in our index yet.