CVE-2026-43178

EUVD-2026-27738

06.05.2026, 12:16

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix possible double mmput() in do_procmap_query()

When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY
we return with -ENAMETOOLONG error. After recent changes this condition
happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(),
so original goto out is now wrong and will double-mmput() mm_struct. Fix
by jumping further to clean up only vm_file and name_buf.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	6.12.70 ≤ 𝑥 < 6.12.75
linux	linux_kernel	6.18.10 ≤ 𝑥 < 6.18.16
linux	linux_kernel	6.19.1 ≤ 𝑥 < 6.19.6
linux	linux_kernel	6.19

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.257-1 fixed
forky	7.0.12-2 fixed
sid	7.0.13-1 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.94-1 fixed

Amazon Linux Releases

Amazon Package

Release

bpftool6.12

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

bpftool6.12-debuginfo

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel-livepatch-6.12.77-99.140

Amazon Linux 2023

1:1.0-0.amzn2023

fixed

kernel6.12

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-debuginfo

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-debuginfo-common-aarch64

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-debuginfo-common-x86_64

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-devel

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-headers

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-libbpf

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-libbpf-debuginfo

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-libbpf-devel

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-libbpf-static

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-modules-extra

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-modules-extra-common

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-tools

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-tools-debuginfo

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

kernel6.12-tools-devel

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

perf6.12

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

perf6.12-debuginfo

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

python3-perf6.12

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

python3-perf6.12-debuginfo

Amazon Linux 2023

1:6.12.77-99.140.amzn2023

fixed

Common Weakness Enumeration

CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht spezifizierte Angriffe durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-06T22:00:00+00:00

References

https://git.kernel.org/stable/c/61dc9f776705d6db6847c101b98fa4f0e9eb6fa3

https://git.kernel.org/stable/c/8adaff87db143583e08eec4f4e7788f1ef8af94d

https://git.kernel.org/stable/c/90f5e87c9b75833b9ef3a4415b92c0247f28ab2f

https://git.kernel.org/stable/c/f9fe092084cd04deea18747f58a2304026e76aaa