{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23271", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.991Z", "datePublished": "2026-03-20T08:08:46.711Z", "dateUpdated": "2026-03-20T08:08:46.711Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-03-20T08:08:46.711Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "5c48fdc4b4623533d86e279f51531a7ba212eb87", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "3f89b61dd504c5b6711de9759e053b082f9abf12", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "bb190628fe5f2a73ba762a9972ba16c5e895f73e", "status": "affected", "versionType": "git"}, {"version": "592903cdcbf606a838056bae6d03fc557806c914", "lessThan": "c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/events/core.c"], "versions": [{"version": "2.6.31", "status": "affected"}, {"version": "0", "lessThan": "2.6.31", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.77", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.17", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.7", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc2", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.12.77"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.18.17"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "6.19.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.31", "versionEndExcluding": "7.0-rc2"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"}, {"url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"}, {"url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"}, {"url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}], "title": "perf: Fix __perf_event_overflow() vs perf_remove_from_context() race", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program."}], "id": "CVE-2026-23271", "lastModified": "2026-03-20T09:16:11.773", "metrics": {}, "published": "2026-03-20T09:16:11.773", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-03-20T09:26:24.880077+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a version that includes the patch from the listed commits. If an immediate kernel update is not possible, disable perf events or BPF functionality that can trigger overflows (e.g., by setting kernel boot parameters or using sysctl) to reduce the attack surface. Monitor system logs for perf or BPF related errors that might indicate a race condition. Validate the applied patch by verifying the commit hash in the kernel source."], "summary": {"action": "Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in all Linux kernel releases that include the perf subsystem but do not contain the patch referenced in the provided commit URLs (https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12, https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87, https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e, https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae). Exact version bounds are not supplied in the CNA data, so any kernel older than the fix commit is considered affected. The affected product is the Linux kernel as represented by the CPE string cpe:2.3:o:linux:linux_kernel:*", "description_and_impact": "The CVE addresses a race condition between __perf_event_overflow() and perf_remove_from_context() in the Linux kernel. When software events run with only preemption disabled, the overflow handler may execute while a concurrent cleanup path frees resources such as BPF programs. This mis\u2011synchronization can lead to use\u2011after\u2011free and possible arbitrary code execution.", "risk_and_exploitability": "Severity details are not supplied in the CVE data; the EPSS score is unavailable and the vulnerability is not listed in CISA's KEV catalog. The risk is moderate to high because a local user could trigger the race by creating or manipulating perf events or BPF programs, potentially leading to privileged code execution or a kernel crash. Exploitation requires local execution privileges and the ability to initiate perf_event overflows, implying that the attack vector is local, not remote. The patch resolves the race by ensuring __perf_event_overflow() runs with IRQs disabled for all call chains, preventing the premature release of resources."}}}}, "created": "2026-03-20T10:36:47.790629+00:00", "updated": "2026-03-20T10:36:47.790656+00:00", "vendors": [], "weaknesses": ["CWE-416", "CWE-362"]}