CVE-2026-23134 — Vulnetix

CVE-2026-23134 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: slab: fix kmalloc_nolock() context check for PREEMPT_RT On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ context, but misses the case where preemption is disabled. When a BPF program runs from a tracepoint with preemption disabled (preempt_count > 0), kmalloc_nolock() proceeds to call local_lock_irqsave() which attempts to acquire a sleeping lock, triggering: BUG: sleeping function called from invalid context in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6128 preempt_count: 2, expected: 0 Fix this by checking !preemptible() on PREEMPT_RT, which directly expresses the constraint that we cannot take a sleeping lock when preemption is disabled. This encompasses the previous checks for NMI and hard IRQ contexts while also catching cases where preemption is disabled.

EPSS 0.02% · 3.9th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.02%

3.9th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	6.19, 6.19, 6.19
Linux	Linux	af92793e52c3a99b828ed4bdd277fd3e11c18d08, 6.18, 6.18.8

Timeline

Feb 14, 2026 CVE Published
Feb 14, 2026 CVE Updated
Feb 15, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 23, 2026 Security Advisory
Feb 24, 2026 EPSS Score
Feb 25, 2026 EPSS Score

References

Open in Interactive Console →