PT-2026-42399 · Linux+1 · Linux Kernel+1

75Acol

+4

·

Published

2026-05-21

·

Updated

2026-05-31

·

CVE-2026-45251

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux Kernel (affected versions not specified)
Description A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Since the blocked thread does not hold a reference to the underlying object, the object may be freed while the thread remains blocked. The kernel fails to unlink blocked threads from the per-object wait queue for certain file descriptor types before freeing the object. Consequently, when the blocked thread wakes up, it accesses memory that has already been freed. This can be triggered by an unprivileged local user to obtain superuser privileges.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45251

Affected Products

Freebsd
Linux Kernel