CVE-2026-23271 — Operation on a Resource after Expiration or Release in Linux
Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 97.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 20
Description
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix __perf_event_overflow() vs perf_remove_from_context() race
Make sure that __perf_event_overflow() runs with IRQs disabled for all
possible callchains. Specifically the software events can end up running
it with only preemption disabled.
This opens up a race vs perf_event_exit_event() and friends that will go
and free various things the overflow path expects to be present, like
the BPF program.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages (3 packages)
CVEListV5: linux/linux, 592903cdcbf606a838056bae6d03fc557806c914 — 4df1a45819e50993cb351682a6ae8e7ed2d233a0 (+6)
Vulnerability Details (4)
OSV
CVE-2026-23271: In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure tha… (2026-03-20)
GHSA
GHSA-x3m9-v7vh-x62j: In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure t… (2026-03-20)
Vendor Advisories (3)
Debian
CVE-2026-23271: linux - In the Linux kernel, the following vulnerability has been resolved: perf: Fix _... (2026)