CVE-2026-52991

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists between the pressure write operation and the cgroup file release process. This occurs because the priv member of the struct kernfs open file is not sufficiently protected by the cgroup mutex during execution in the pressure write() function. If cgroup file release() completes and frees the memory associated with of->priv while pressure write() is still accessing it, a use-after-free (UAF) condition is triggered. Additionally, a separate race condition can lead to a NULL pointer dereference if of->priv is set to NULL after a live kn lock is acquired but before the cgroup mutex is obtained.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.