{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23271", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.991Z", "datePublished": "2026-03-20T08:08:46.711Z", "dateUpdated": "2026-03-25T10:20:44.470Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:20:44.470Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "4df1a45819e50993cb351682a6ae8e7ed2d233a0", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "4f8d5812337871227bb2c98669a87c306a2f86ef", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "5c48fdc4b4623533d86e279f51531a7ba212eb87", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "3f89b61dd504c5b6711de9759e053b082f9abf12", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "bb190628fe5f2a73ba762a9972ba16c5e895f73e", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "2.6.31", "status": "affected"}, {"version": "0", "lessThan": "2.6.31", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4df1a45819e50993cb351682a6ae8e7ed2d233a0"}, {"url": "https://git.kernel.org/stable/c/4f8d5812337871227bb2c98669a87c306a2f86ef"}, {"url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"}, {"url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"}, {"url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"}, {"url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}], "title": "perf: Fix __perf_event_overflow() vs perf_remove_from_context() race", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nperf: Correcci\u00f3n de la condici\u00f3n de carrera entre __perf_event_overflow() y perf_remove_from_context()\n\nAsegurar que __perf_event_overflow() se ejecute con las IRQ deshabilitadas para todas las cadenas de llamadas posibles. Espec\u00edficamente, los eventos de software pueden terminar ejecut\u00e1ndolo con solo la preemption deshabilitada.\n\nEsto abre una condici\u00f3n de carrera frente a perf_event_exit_event() y funciones relacionadas que liberar\u00e1n varias cosas que la ruta de desbordamiento espera que est\u00e9n presentes, como el programa BPF."}], "id": "CVE-2026-23271", "lastModified": "2026-03-25T11:16:21.510", "metrics": {}, "published": "2026-03-20T09:16:11.773", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4df1a45819e50993cb351682a6ae8e7ed2d233a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4f8d5812337871227bb2c98669a87c306a2f86ef"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race", "id": "2449565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449565"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-367", "details": ["A flaw was found in the Linux kernel's perf subsystem. A race condition exists between the `__perf_event_overflow()` function and functions like `perf_remove_from_context()` or `perf_event_exit_event()`. This occurs because `__perf_event_overflow()` may execute with only preemption disabled, allowing other operations to free resources, such as BPF (Berkeley Packet Filter) programs, that the overflow path expects to be available. This could lead to system instability or a denial of service."], "name": "CVE-2026-23271", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23271\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23271\nhttps://lore.kernel.org/linux-cve-announce/2026032031-CVE-2026-23271-657a@gregkh/T"], "threat_severity": "Moderate"}