CVE-2026-46259

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix missing RCU protection when reading real parent in do task stat()

When reading /proc/[pid]/stat, do task stat() accesses task->real parent without proper RCU protection, which leads to:

cpu 0 cpu 1

do task stat var = task->real parent release task call rcu(delayed put task struct) task tgid nr ns(var) rcu read lock <--- Too late to protect task->real parent! task pid ptr <--- UAF! rcu read unlock

This patch uses task ppid nr ns() instead of task tgid nr ns() to add proper RCU protection for accessing task->real parent.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-46259

Affected Products

Linux

CVE-2026-46259

Related Identifiers

Affected Products

References · 9