{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23271", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.991Z", "datePublished": "2026-03-20T08:08:46.711Z", "dateUpdated": "2026-03-20T08:08:46.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-20T08:08:46.711Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "5c48fdc4b4623533d86e279f51531a7ba212eb87", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "3f89b61dd504c5b6711de9759e053b082f9abf12", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "bb190628fe5f2a73ba762a9972ba16c5e895f73e", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "2.6.31", "status": "affected"}, {"version": "0", "lessThan": "2.6.31", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"}, {"url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"}, {"url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"}, {"url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}], "title": "perf: Fix __perf_event_overflow() vs perf_remove_from_context() race", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."}], "id": "CVE-2026-23271", "lastModified": "2026-03-20T13:37:50.737", "metrics": {}, "published": "2026-03-20T09:16:11.773", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race", "id": "2449565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449565"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-367", "details": ["A flaw was found in the Linux kernel's perf subsystem. A race condition exists between the `__perf_event_overflow()` function and functions like `perf_remove_from_context()` or `perf_event_exit_event()`. This occurs because `__perf_event_overflow()` may execute with only preemption disabled, allowing other operations to free resources, such as BPF (Berkeley Packet Filter) programs, that the overflow path expects to be available. This could lead to system instability or a denial of service."], "name": "CVE-2026-23271", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23271\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23271\nhttps://lore.kernel.org/linux-cve-announce/2026032031-CVE-2026-23271-657a@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[592903cdcbf606a838056bae6d03fc557806c914,5c48fdc4b4623533d86e279f51531a7ba212eb87)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[592903cdcbf606a838056bae6d03fc557806c914,3f89b61dd504c5b6711de9759e053b082f9abf12)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[592903cdcbf606a838056bae6d03fc557806c914,bb190628fe5f2a73ba762a9972ba16c5e895f73e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[592903cdcbf606a838056bae6d03fc557806c914,c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "2.6.31"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,2.6.31)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.77,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.17,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.7,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc2,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-03-20T11:24:42.506061+00:00", "value": {"mitigation_remediation": ["Apply the latest kernel update that contains the fix for CVE-2026-23271.", "Reboot the system after updating to ensure the new kernel is used.", "If an update is not immediately available, restrict or disable the perf subsystem until the patch is installed to reduce risk."], "summary": {"action": "Immediate Patch", "impact": "Use\u2011After\u2011Free / Kernel Exploit"}, "threat_synthesis": {"affected_systems": "The vulnerability applies to the Linux kernel on all platforms where the perf subsystem is enabled. No specific version range is listed in the provided data, so all current kernel releases that have not yet been patched are potentially affected. Users should verify their kernel version against the commit references cited in the advisory.", "description_and_impact": "The Linux kernel contains a race condition between __perf_event_overflow and functions that remove or exit perf events, such as perf_remove_from_context and perf_event_exit_event. During a high\u2011frequency event overflow, the overflow handler may run with only preemption disabled, potentially freeing resources such as BPF programs before the handler completes. This use\u2011after\u2011free can trigger undefined behaviour, including kernel crashes or execution of arbitrary code with kernel privileges, leading to loss of integrity and availability.", "risk_and_exploitability": "The CVSS base score is not provided, and EPSS data is unavailable; the vulnerability is not flagged in CISA\u2019s KEV. However, the nature of the race and the use\u2011after\u2011free imply that a successful exploit would require local access to trigger a perf event overflow. An attacker with such access could destabilise the system or potentially achieve local privilege escalation. The likely attack vector is privileged local manipulation of the perf subsystem, and the risk is moderate to high pending patch status."}}}}, "created": "2026-03-20T10:36:47.790629+00:00", "updated": "2026-03-20T16:27:52.619590+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}