Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: jitterentropy - replace long-held spinlock with mutex

jent_kcapi_random() serializes the shared jitterentropy state, but it
currently holds a spinlock across the jent_read_entropy() call. That
path performs expensive jitter collection and SHA3 conditioning, so
parallel readers can trigger stalls as contending waiters spin for
the same lock.

To prevent non-preemptible lock hold, replace rng->jent_lock with a
mutex so contended readers sleep instead of spinning on a shared lock
held across expensive entropy generation.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the jitterentropy module serializes shared state by acquiring a spinlock that remains held during the entire jent_read_entropy() call, which performs heavy entropy collection and SHA3 conditioning. This causes any concurrent readers to spin on the lock, consuming CPU cycles and potentially stalling the system. The vulnerability does not introduce data disclosure or privilege escalation; its core impact is a resource exhaustion that can degrade system responsiveness.

Affected Systems

The vulnerable code resides in the Linux kernel's jitterentropy random-number generator. All kernel releases that contain this implementation prior to the recent patch – which replaces the spinlock with a mutex – are impacted. The patch is present in the mainline kernel as of the commit referenced above; distributions that have not yet applied the update remain vulnerable.

Risk and Exploitability

The CVSS score is 5.5, indicating a moderate severity. The EPSS score indicates less than 1% probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog, suggesting there are no known exploits. Based on the description, it is inferred that an attacker would need local access to trigger frequent random-number generation. There is no explicit evidence that a remote attacker could exploit this weakness. The risk is a denial of service through high CPU usage and lock contention, with a low likelihood of exploitation under current public knowledge.

Generated by OpenCVE AI on June 25, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the mutex replacement for jitterentropy.
  • If a kernel update is not feasible, consider disabling jitterentropy in the kernel configuration or unloading the module if supported by the distribution.
  • Continuously monitor CPU usage and lock contention with tools such as perf, lockstat, or ftrace to confirm the mitigation’s effectiveness and detect any residual contention.

Generated by OpenCVE AI on June 25, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-399

Thu, 25 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-368
CWE-399

Wed, 24 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock across the jent_read_entropy() call. That path performs expensive jitter collection and SHA3 conditioning, so parallel readers can trigger stalls as contending waiters spin for the same lock. To prevent non-preemptible lock hold, replace rng->jent_lock with a mutex so contended readers sleep instead of spinning on a shared lock held across expensive entropy generation.
Title crypto: jitterentropy - replace long-held spinlock with mutex
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T07:14:26.649Z

Reserved: 2026-06-09T07:44:35.370Z

Link: CVE-2026-52936

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52936 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T04:30:07Z

Weaknesses
  • CWE-821

    Incorrect Synchronization