PT-2026-51840 · Linux · Linux

Publicado

2026-06-24

·

Atualizado

2026-06-24

·

CVE-2026-52946

Nenhuma

Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
In the Linux kernel, the following vulnerability has been resolved:
fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in send sigio() and send sigurg() when a process group receives a signal.
When FASYNC is configured for a process group (PIDTYPE PGID), both functions use read lock(&tasklist lock) to traverse the task list. However, they are frequently called from softirq context:
  • send sigio() via input inject event -> kill fasync
  • send sigurg() via tcp check urg -> sk send sigurg (NET RX SOFTIRQ)
The deadlock is caused by the rwlock writer fairness mechanism:
  1. CPU 0 (process context) holds read lock(&tasklist lock) in do wait().
  2. CPU 1 (process context) attempts write lock(&tasklist lock) in fork() or exit() and spins, which blocks all new readers.
  3. CPU 0 is interrupted by a softirq (e.g., TCP URG packet reception).
  4. The softirq calls send sigurg() and attempts to acquire read lock(&tasklist lock), deadlocking because CPU 1 is waiting.
Since PID hashing and do each pid task() traversals are already RCU-protected, the read lock on tasklist lock is no longer strictly required for safe traversal. Fix this by replacing tasklist lock with rcu read lock(), aligning the process group signaling path with the single-PID path. This also mitigates a potential remote denial of service vector via TCP URG packets.

Lockdep splat:

WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [...] Chain exists of: &dev->event lock --> &f owner->lock --> tasklist lock
Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist lock); local irq disable(); lock(&dev->event lock); lock(&f owner->lock); lock(&dev->event lock);
*** DEADLOCK ***
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2026-52946

Produtos afetados

Linux