CVE-2026-23248

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the Linux kernel perf event subsystem during ring buffer management. The issue occurs in the perf mmap() function when a mmap() setup fails and a concurrent mmap() is performed on a dependent event. Specifically, the ring buffer (rb) is assigned to event->rb while holding the mmap mutex, but the mutex is released before calling map range(). If map range() fails, perf mmap close() is called for cleanup. Because the mutex was released, another thread can acquire it, see the valid event->rb pointer, and attempt to increment its reference count. If the cleanup process has already reduced the count to zero, it leads to a use-after-free (UAF) condition or a reference count saturation warning, which may result in a denial of service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.