CVE-2026-23400Deadlock in Linux

CWE-833Deadlock7 documents6 sources
Severity
N/A
No vector
EPSS
0.0%
top 94.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedMar 29

Description

In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The remote process dies and sends a BR_DEAD_BINDER message. 2. The local process invokes the BC_CLEAR_DEATH_NOTIFICATION command. 3. The local process then invokes the BC_DEAD_BINDER_DONE. Then, the kernel will reply to the BC_DEAD_BINDER_DONE command with a BR_CLEAR_DEATH_NOTIFICATION_DONE reply using

Affected Packages4 packages

Linuxlinux/linux_kernel6.18.06.18.19+1
Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxeafedbc7c050c44744fbdf80bdf3315e860b7513dd109e3442817bc03ad1f3ffd541092f8c428141+3
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23400: In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following2026-03-29
OSV
rust_binder: call set_notification_done() without proc lock2026-03-29
GHSA
GHSA-pff6-g7ww-p3v3: In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the followi2026-03-29

📋Vendor Advisories

2
Red Hat
kernel: rust_binder: call set_notification_done() without proc lock2026-03-29
Debian
CVE-2026-23400: linux - In the Linux kernel, the following vulnerability has been resolved: rust_binder...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23400 Impact, Exploitability, and Mitigation Steps | Wiz