CVE-2026-23134

EUVD-2026-5903
In the Linux kernel, the following vulnerability has been resolved:

slab: fix kmalloc_nolock() context check for PREEMPT_RT

On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current
check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ
context, but misses the case where preemption is disabled.

When a BPF program runs from a tracepoint with preemption disabled
(preempt_count > 0), kmalloc_nolock() proceeds to call
local_lock_irqsave() which attempts to acquire a sleeping lock,
triggering:

  BUG: sleeping function called from invalid context
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6128
  preempt_count: 2, expected: 0

Fix this by checking !preemptible() on PREEMPT_RT, which directly
expresses the constraint that we cannot take a sleeping lock when
preemption is disabled. This encompasses the previous checks for NMI
and hard IRQ contexts while also catching cases where preemption is
disabled.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.159-1
not-affected
bookworm (security)
6.1.162-1
fixed
bullseye
5.10.223-1
not-affected
bullseye (security)
5.10.249-1
fixed
forky
6.18.9-1
fixed
sid
6.18.12-1
fixed
trixie
6.12.63-1
not-affected
trixie (security)
6.12.73-1
fixed
References
https://git.kernel.org/stable/c/99a3e3a1cfc93b8fe318c0a3a5cfb01f1d4ad53c
https://git.kernel.org/stable/c/f60ba4a97ae3f94e4818722ed2e4d260bbb17b44