Description
In the Linux kernel, the following vulnerability has been resolved:

futex: Drop CLONE_THREAD requirement for private default hash alloc

Currently need_futex_hash_allocate_default() depends on strict pthread
semantics, abusing CLONE_THREAD. This breaks the non-concurrency
assumptions when doing the mm->futex_ref pcpu allocations, leading to
bugs[0] when sharing the mm in other ways; i.e.:

BUG: KASAN: slab-use-after-free in futex_hash_put

... where the +1 bias can end up on a percpu counter that mm->futex_ref
no longer points at.

Loosen the check to cover any CLONE_VM clone, except vfork(). Excluding
vfork keeps the existing paths untouched (no overhead), and we can't
race in the first place: either the parent is suspended and the child
runs alone, or mm->futex_ref is already allocated from an earlier
CLONE_VM.
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

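The vulnerability is in the Linux kernel’s futex subsystem, in the private default hash allocation. need_futex_hash_allocate_default() relied on CLONE_THREAD (strict pthread semantics) to decide when to allocate, which breaks the non-concurrency assumption around the mm->futex_ref per-CPU allocation when the mm is shared in other ways. The result is a use‑after‑free in futex hash handling, reported by KASAN as a slab-use-after-free in futex_hash_put, where the +1 bias can end up on a per-CPU counter that mm->futex_ref no longer points at. The fix drops the CLONE_THREAD requirement and covers any CLONE_VM clone except vfork(). The weakness is a classic use‑after‑free, a type of memory corruption that can be exploited to read or write arbitrary kernel memory and thus elevate privileges, or to crash the system.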

Affected Systems

All Linux kernel installations are potentially impacted, regardless of vendor distribution. No specific kernel version range is supplied, so any kernel build that includes the buggy futex implementation without the patch may be vulnerable.

Risk and Exploitability

The absence of a CVSS or EPSS score signals that public severity metrics are not available. However, the nature of the bug—a use‑after‑free in kernel code—implies a high impact should an attacker be able to trigger the flaw. The likely attack vector requires local execution with the ability to invoke clone() with CLONE_VM and CLONE_THREAD flags, suggesting that privileged or compromised local processes could exploit the weakness. Because this flaw can lead to arbitrary kernel code execution, the risk is considered significant until a patch is applied or mitigated.

Generated by OpenCVE AI on June 24, 2026 at 19:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the system to a Linux kernel release that contains the futex hash allocation fix.
  • Apply the patch manually by downloading the relevant commit from the provided git references and rebuilding the kernel if an automated update is not available.
  • If updating immediately is not possible, avoid or replace code that uses clone() with CLONE_VM and CLONE_THREAD flags, using vfork() instead where applicable.



Advisories

No advisories yet.

History

Wed, 24 Jun 2026 20:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | - | CWE-416

Wed, 24 Jun 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | - | (same text as the Description at the top of this page)
Title | - | futex: Drop CLONE_THREAD requirement for private default hash alloc
First Time appeared | - | Linux; Linux linux Kernel
CPEs | - | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | - | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:28:51.171Z

Reserved: 2026-06-09T07:44:35.375Z

Link: CVE-2026-52973

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T21:30:04Z

Weaknesses