VYPR
Medium severity 5.5 · NVD Advisory · Published Mar 25, 2026 · Updated Apr 24, 2026

CVE-2026-23380

Description

In the Linux kernel, the following vulnerability has been resolved:

tracing: Fix WARN_ON in tracing_buffers_mmap_close

When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and child processes exit, tracing_buffers_mmap_close() is called twice. On the second call, user_mapped is already 0, causing the function to return -ENODEV and triggering a WARN_ON.

Normally, this isn't an issue as the memory is mapped with VM_DONTCOPY set. But this is only a hint, and the application can call madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the application does that, it can trigger this issue on fork.

Fix it by incrementing the user_mapped reference count without re-mapping the pages in the VMA's open callback.
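The reference-count imbalance described above, as an added userspace model that is not kernel code and not taken from the patch. All type and function names are hypothetical, and the unfixed case is modelled as having no open callback, which is an assumption.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model; names follow the advisory text, not kernel source. */
struct rb_model { int user_mapped; };
struct vma_model {
    struct rb_model *rb;
    void (*open)(struct vma_model *); /* run when fork duplicates the VMA */
};

/* Fixed open callback: take a reference without re-mapping pages. */
static void open_fixed(struct vma_model *vma) { vma->rb->user_mapped++; }

/* mmap(): the mapping takes the first reference. */
static void model_mmap(struct vma_model *vma, struct rb_model *rb, int fixed)
{
    vma->rb = rb;
    vma->open = fixed ? open_fixed : NULL; /* assumption: no callback before the fix */
    rb->user_mapped++;
}

/* fork() after VM_DONTCOPY was cleared: the child receives a VMA copy. */
static struct vma_model model_fork(const struct vma_model *parent)
{
    struct vma_model child = *parent;
    if (child.open)
        child.open(&child);
    return child;
}

/* close callback: -ENODEV models the return that triggered the WARN_ON. */
static int model_close(struct vma_model *vma)
{
    if (vma->rb->user_mapped == 0)
        return -ENODEV;
    vma->rb->user_mapped--;
    return 0;
}

/* Result of the second close when child and parent both exit. */
int second_close_result(int fixed)
{
    struct rb_model rb = { 0 };
    struct vma_model parent, child;
    model_mmap(&parent, &rb, fixed);
    child = model_fork(&parent);
    model_close(&child);
    return model_close(&parent);
}

int main(void) { printf("%d %d\n", second_close_result(0), second_close_result(1)); return 0; }
```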

Affected products

37

References

4
