VDB

DEBIAN-CVE-2026-23380

DEBIAN-CVE-2026-23380 PUBLISHED CVSS 5.5 MEDIUM

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_mapped reference count is not incremented. As a result, when both the parent and child processes exit, tracing_buffers_mmap_close() is called twice. On the second call, user_mapped is already 0, causing the function to return -ENODEV and triggering a WARN_ON. Normally, this isn't an issue as the memory is mapped with VM_DONTCOPY set. But this is only a hint, and the application can call madvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When the application does that, it can trigger this issue on fork. Fix it by incrementing the user_mapped reference count without re-mapping the pages in the VMA's open callback.

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:13linux0, 6.12.41-1, 6.12.43-1
Debian:14linux6.16.1-1~exp1, 6.16.10-1, 6.16.11-1

Exploit Intelligence

Timeline

  • Mar 25, 2026 CVE Published
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›