{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23311", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.994Z", "datePublished": "2026-03-25T10:27:06.915Z", "dateUpdated": "2026-03-25T10:27:06.915Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-25T10:27:06.915Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix invalid wait context in ctx_sched_in()\n\nLockdep found a bug in the event scheduling when a pinned event was\nfailed and wakes up the threads in the ring buffer like below.\n\nIt seems it should not grab a wait-queue lock under perf-context lock.\nLet's do it with irq_work.\n\n [ 39.913691] =============================\n [ 39.914157] [ BUG: Invalid wait context ]\n [ 39.914623] 6.15.0-next-20250530-next-2025053 #1 Not tainted\n [ 39.915271] -----------------------------\n [ 39.915731] repro/837 is trying to lock:\n [ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60\n [ 39.917182] other info that might help us debug this:\n [ 39.917761] context-{5:5}\n [ 39.918079] 4 locks held by repro/837:\n [ 39.918530] #0: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: __perf_event_task_sched_in+0xd1/0xbc0\n [ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0\n [ 39.920748] #2: ffff88800d91fc18 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1f9/0xbc0\n [ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "f4b07fd62d4d11d57a15cb4ae01b3833282eb8f6", "lessThan": "c67ab059953e3b66cb17ddd6524c23f9e1f6526d", "status": "affected", "versionType": "git"}, {"version": "f4b07fd62d4d11d57a15cb4ae01b3833282eb8f6", "lessThan": "825f218ca70ef394c2b8546b313711d867b24584", "status": "affected", "versionType": "git"}, {"version": "f4b07fd62d4d11d57a15cb4ae01b3833282eb8f6", "lessThan": "486ff5ad49bc50315bcaf6d45f04a33ef0a45ced", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c67ab059953e3b66cb17ddd6524c23f9e1f6526d"}, {"url": "https://git.kernel.org/stable/c/825f218ca70ef394c2b8546b313711d867b24584"}, {"url": "https://git.kernel.org/stable/c/486ff5ad49bc50315bcaf6d45f04a33ef0a45ced"}], "title": "perf/core: Fix invalid wait context in ctx_sched_in()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix invalid wait context in ctx_sched_in()\n\nLockdep found a bug in the event scheduling when a pinned event was\nfailed and wakes up the threads in the ring buffer like below.\n\nIt seems it should not grab a wait-queue lock under perf-context lock.\nLet's do it with irq_work.\n\n [ 39.913691] =============================\n [ 39.914157] [ BUG: Invalid wait context ]\n [ 39.914623] 6.15.0-next-20250530-next-2025053 #1 Not tainted\n [ 39.915271] -----------------------------\n [ 39.915731] repro/837 is trying to lock:\n [ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60\n [ 39.917182] other info that might help us debug this:\n [ 39.917761] context-{5:5}\n [ 39.918079] 4 locks held by repro/837:\n [ 39.918530] #0: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: __perf_event_task_sched_in+0xd1/0xbc0\n [ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0\n [ 39.920748] #2: ffff88800d91fc18 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1f9/0xbc0\n [ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470"}], "id": "CVE-2026-23311", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T11:16:27.327", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/486ff5ad49bc50315bcaf6d45f04a33ef0a45ced"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/825f218ca70ef394c2b8546b313711d867b24584"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c67ab059953e3b66cb17ddd6524c23f9e1f6526d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: perf/core: Fix invalid wait context in ctx_sched_in()", "id": "2451208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451208"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-413", "details": ["A flaw was found in the Linux kernel's perf/core component. This vulnerability occurs due to an invalid wait context during event scheduling, specifically when a pinned event fails and attempts to wake up threads in the ring buffer. An attacker could potentially exploit this to cause system instability or a denial of service (DoS) by triggering this specific event scheduling scenario. This issue is related to incorrect handling of wait-queue locks under perf-context locks."], "name": "CVE-2026-23311", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23311\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23311\nhttps://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23311-8c0b@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-03-25T13:07:41.473848+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a patched release that includes the ctx_sched_in() invalid wait context fix"], "summary": {"action": "Immediate Patch", "impact": "Denial of Service via kernel panic"}, "threat_synthesis": {"affected_systems": "The issue affects any Linux kernel that contains the perf/core ctx_sched_in() path; no specific kernel version is listed, so all contemporary kernels until the patch are potentially impacted.", "description_and_impact": "A lock ordering bug in the Linux kernel perf subsystem allows an invalid wait context to be generated when a pinned event fails and tries to wake threads while still holding locks, triggering a BUG: Invalid wait context fault that can lead to a kernel panic and system downtime.", "risk_and_exploitability": "The severity is high because it can cause a kernel crash; no EPSS score or KEV listing is available. The likely attack vector is local and requires an attacker with the ability to manipulate perf events, implying privileged or kernel\u2011mode access, and at present no public exploit has been reported, but the potential impact necessitates prompt remediation."}}}}, "created": "2026-03-25T21:15:18.501156+00:00", "updated": "2026-03-25T21:15:18.501192+00:00", "vendors": [], "weaknesses": ["CWE-362", "CWE-420"]}