PT-2026-42399 · Linux+1 · Linux Kernel+1
75Acol
+4
·
Published
2026-05-21
·
Updated
2026-05-31
·
CVE-2026-45251
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux Kernel (affected versions not specified)
Description
A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a
poll(2) or select(2) call waiting for that descriptor. Since the blocked thread does not hold a reference to the underlying object, the object may be freed while the thread remains blocked. The kernel fails to unlink blocked threads from the per-object wait queue for certain file descriptor types before freeing the object. Consequently, when the blocked thread wakes up, it accesses memory that has already been freed. This can be triggered by an unprivileged local user to obtain superuser privileges.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd
Linux Kernel