Description
In the Linux kernel, the following vulnerability has been resolved:

procfs: fix possible double mmput() in do_procmap_query()

When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY
we return with -ENAMETOOLONG error. After recent changes this condition
happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(),
so original goto out is now wrong and will double-mmput() mm_struct. Fix
by jumping further to clean up only vm_file and name_buf.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from a double mmput() call within the do_procmap_query() path of the Linux kernel. When a user supplies an overly large buffer for the build ID during the PROCMAP_QUERY ioctl operation, the kernel path performs an mmput() after unlocking a lock; the subsequent error handling path also attempts to mmput() the same mm_struct, resulting in a double free (CWE‑1341, CWE‑415). This double deallocation can corrupt kernel memory and lead to a kernel panic, effectively causing a denial of service for the affected system.

Affected Systems

All Linux kernel distributions that include the unpatched core procfs implementation are affected, including kernel 6.19 and earlier releases. Users should upgrade to a kernel version that incorporates the referenced commit(s).

Risk and Exploitability

The CVSS score of 7.8 indicates a high impact vulnerability. With an EPSS score of < 1%, the vulnerability has a very low probability of exploitation, and it is not listed in the CISA KEV catalog, suggesting that it is not a known widely exploited weakness. An attacker would need local or user‑level access to invoke the PROCMAP_QUERY ioctl with a malformed buffer; based on the description, the local‑access requirement is inferred rather than explicitly stated.

Generated by OpenCVE AI on May 12, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the commit which removes the double mmput() in do_procmap_query().
  • If an immediate kernel upgrade is not possible, apply the patch from the kernel repository commits referenced in the advisory and rebuild the kernel to include the fix.
  • Re‑deploy the patched kernel or updated GNU/Linux distribution once the new build is available to ensure the vulnerability is mitigated.

Generated by OpenCVE AI on May 12, 2026 at 22:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415
CPEs cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1341
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 06 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), so original goto out is now wrong and will double-mmput() mm_struct. Fix by jumping further to clean up only vm_file and name_buf.
Title procfs: fix possible double mmput() in do_procmap_query()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:28.657Z

Reserved: 2026-05-01T14:12:55.991Z

Link: CVE-2026-43178

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:36.303

Modified: 2026-05-12T19:52:25.087

Link: CVE-2026-43178

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43178 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T23:00:12Z

Weaknesses