CVE-2026-23400

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the rust binder component related to handling binder death notifications. Specifically, the set notification done() function may be called without acquiring the process lock, potentially leading to a deadlock. This can occur when a remote process dies and sends a BR DEAD BINDER message, triggering a sequence of events involving BC CLEAR DEATH NOTIFICATION and BC DEAD BINDER DONE commands. The issue arises because push work if looper() attempts to acquire the process lock while it is already held, resulting in a deadlock if the current thread is not a looper. The vulnerability is triggered by holding the proc lock during set notification done().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.