Description
In the Linux kernel, the following vulnerability has been resolved:

perf: Fix __perf_event_overflow() vs perf_remove_from_context() race

Make sure that __perf_event_overflow() runs with IRQs disabled for all
possible callchains. Specifically the software events can end up running
it with only preemption disabled.

This opens up a race vs perf_event_exit_event() and friends that will go
and free various things the overflow path expects to be present, like
the BPF program.
Published: 2026-03-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Use‑after‑free that may lead to denial of service or privilege escalation
Action: Immediate Patch
AI Analysis

Impact

The race condition occurs between __perf_event_overflow() and perf_event_exit_event() when only preemption is disabled. The overflow handler may reference structures that have already been freed, such as BPF programs, which can result in memory corruption or a system crash. If an attacker can exploit the corruption, it could potentially elevate privileges. The weakness is a resource‑management error catalogued as CWE‑367.

Affected Systems

All Linux kernel implementations prior to the commit that enforces IRQ disable in __perf_event_overflow() are affected. This includes any distribution kernel that has not yet incorporated the fix contained in the referenced commit. The vulnerability applies to any kernel with the perf subsystem and BPF support enabled.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, and the EPSS score is below 1 %, reflecting a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require a local or privileged attacker to trigger a perf event overflow that races with the context cleanup path. Because the issue can cause a system crash or potential privilege escalation, administrators should treat it as high risk even if exploitation probability is low.

Generated by OpenCVE AI on April 2, 2026 at 17:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that disables interrupts inside __perf_event_overflow() to eliminate the race.
  • Update the kernel to a version that includes the fix, using the distribution’s package manager.
  • Verify the correct commit is present in the running kernel by checking the commit ID or reviewing the kernel changelog.

Generated by OpenCVE AI on April 2, 2026 at 17:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
References

Sat, 21 Mar 2026 05:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 20 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-416

Fri, 20 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-416

Fri, 20 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled. This opens up a race vs perf_event_exit_event() and friends that will go and free various things the overflow path expects to be present, like the BPF program.
Title perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-02T14:44:06.640Z

Reserved: 2026-01-13T15:37:45.991Z

Link: CVE-2026-23271

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-20T09:16:11.773

Modified: 2026-04-02T15:16:28.190

Link: CVE-2026-23271

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-20T00:00:00Z

Links: CVE-2026-23271 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T20:23:19Z

Weaknesses