Description
In the Linux kernel, the following vulnerability has been resolved:

um: Fix potential race condition in TLB sync

During the TLB sync, we need to traverse and modify the page table,
so we should hold the page table lock. Since full SMP support for
threads within the same process is still missing, let's disable the
split page table lock for simplicity.
Published: 2026-06-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

During TLB synchronization the kernel traverses and modifies the page table without holding the required lock, introducing a race condition that may lead to incorrect page table entries. The weakness is identified as lack of proper synchronization (CWE‑414). It could cause unpredictable behavior in kernel memory handling, but the CVE does not confirm any specific corruption or exploitation.

Affected Systems

All Linux kernel releases built from source that include the TLB synchronization code before commit 102331b66bcaf1f41f50b9c4cd5c36e46bafa9f3 are potentially affected. Any distribution shipping such kernels remains vulnerable until the patch is applied or the kernel is upgraded.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS shows a likelihood of exploitation below 1 %, and the vulnerability is not listed in the CISA KEV catalog. Exploiting the condition would require concurrent TLB sync operations, implying that an attacker needs local kernel access to orchestrate a race. No public exploits or proof‑of‑concepts have been disclosed. The attack vector is therefore inferred as local and dependent on a vulnerable kernel running on an SMP or multi‑threaded system.

Generated by OpenCVE AI on June 28, 2026 at 13:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that disables the split page table lock (commit 102331b66bcaf1f41f50b9c4cd5c36e46bafa9f3).
  • Upgrade to a Linux kernel release that incorporates this patch.
  • If the patch cannot be applied, rebuild the kernel with the configuration setting that disables split page table locks or compile without the affected code.

Generated by OpenCVE AI on June 28, 2026 at 13:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 27 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Sat, 27 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: um: Fix potential race condition in TLB sync During the TLB sync, we need to traverse and modify the page table, so we should hold the page table lock. Since full SMP support for threads within the same process is still missing, let's disable the split page table lock for simplicity.
Title um: Fix potential race condition in TLB sync
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:38:06.162Z

Reserved: 2026-06-09T07:44:35.379Z

Link: CVE-2026-53020

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53020 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:45:06Z

Weaknesses