VYPR
High severity7.8NVD Advisory· Published Jun 3, 2026· Updated Jun 9, 2026

CVE-2026-46259

CVE-2026-46259

Description

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix missing RCU protection when reading real_parent in do_task_stat()

When reading /proc/[pid]/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to:

cpu 0 cpu 1 ----- ----- do_task_stat var = task->real_parent release_task call_rcu(delayed_put_task_struct) task_tgid_nr_ns(var) rcu_read_lock <--- Too late to protect task->real_parent! task_pid_ptr <--- UAF! rcu_read_unlock

This patch uses task_ppid_nr_ns() instead of task_tgid_nr_ns() to add proper RCU protection for accessing task->real_parent.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

87

Patches

Vulnerability mechanics

References

8

News mentions

1