DEBIAN-CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and child processes exit, tracing_buffers_mmap_close() is called twice. On the second call, user_mapped is already 0, causing the function to return -ENODEV and triggering a WARN_ON. Normally, this isn't an issue as the memory is mapped with VM_DONTCOPY set. But this is only a hint, and the application can call madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the application does that, it can trigger this issue on fork. Fix it by incrementing the user_mapped reference count without re-mapping the pages in the VMA's open callback.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 6.12.41-1, 6.12.43-1 |
| Debian:14 | linux | 6.16.1-1~exp1, 6.16.10-1, 6.16.11-1 |
Exploit Intelligence
- 4593.2.0.yml (github-poc)
- 4628.1.0.yml (github-poc)
- glcve_test.go (github-poc)
Timeline
- Mar 25, 2026 CVE Published
- Apr 30, 2026 CVE Updated