Description
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published: 2026-06-25
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel has a NULL pointer dereference when a self‑deadlock occurs during a FUTEX_CMP_REQUEUE_PI requeue. The bug causes remove_waiter() to dereference a NULL waiter->task, leading to a kernel crash and a denial of service. This flaw represents a null pointer dereference weakness (CWE‑476).

Affected Systems

All versions of the Linux kernel that do not include the fix introduced in commit 16f8e17184b31382076f84751db5ac51fc02733e. No specific release numbers are listed, so any kernel prior to the application of this patch may be vulnerable.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is < 1%, so the severity can be considered low to medium. The vulnerability is not listed in the CISA KEV catalog, indicating no known large‑scale exploitation. The flaw requires that an attacker trigger a FUTEX_CMP_REQUEUE_PI requeue of a non‑top waiter that already owns the target PI futex; this is inferred to be a local scenario. Thus the primary threat is local denial of service.

Generated by OpenCVE AI on June 26, 2026 at 13:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel release that incorporates commit 16f8e17184b31382076f84751db5ac51fc02733e to eliminate the NULL pointer dereference.
  • Reboot the system after updating to ensure the patched kernel is in use.
  • If a patched kernel is not yet available, monitor kernel mailing lists for the fix and avoid using the FUTEX_CMP_REQUEUE_PI flag in critical code paths until the update is applied.

Generated by OpenCVE AI on June 26, 2026 at 13:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting waiter->task. The subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences the NULL waiter->task, causing a kernel crash. Add a self-deadlock check for non-top waiters before calling rt_mutex_start_proxy_lock(), analogous to the top-waiter check in futex_lock_pi_atomic(). This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock kernel: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
References

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting waiter->task. The subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences the NULL waiter->task, causing a kernel crash. Add a self-deadlock check for non-top waiters before calling rt_mutex_start_proxy_lock(), analogous to the top-waiter check in futex_lock_pi_atomic().
Title futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: REJECTED

Assigner: Linux

Published:

Updated: 2026-07-10T11:57:35.720Z

Reserved: 2026-06-09T07:44:35.389Z

Link: CVE-2026-53166

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53166 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T14:00:22Z

Weaknesses