GHSA-9h35-hqff-9v3w
A deadlock vulnerability exists in the Linux kernel's fasync signaling mechanism involving unsafe lock order between SOFTIRQ-safe and SOFTIRQ-unsafe contexts. This occurs when process groups receive signals via send_sigio() or send_sigurg(), potentially causing a system hang. The issue arises from the use of read_lock(&tasklist_lock) in softirq context, which conflicts with write_lock attempts in process context, leading to deadlock. The vulnerability can be triggered remotely via TCP URG packets, resulting in a denial of service. The fix involves replacing the tasklist_lock with rcu_read_lock() for safe traversal, eliminating the deadlock condition.
AI Analysis
Technical Summary
This vulnerability in the Linux kernel involves a deadlock caused by an unsafe lock order between SOFTIRQ-safe and SOFTIRQ-unsafe contexts during fasync signaling for process groups. Specifically, send_sigio() and send_sigurg() functions use read_lock(&tasklist_lock) while operating in softirq context, conflicting with write_lock(&tasklist_lock) attempts in process context (e.g., fork() or exit()). This leads to a deadlock when a softirq interrupts a process holding a read lock and tries to acquire the same lock again while a writer is waiting. The root cause is the rwlock writer fairness mechanism combined with lock acquisition order. Since PID hashing and task traversal are already RCU-protected, the patch replaces tasklist_lock with rcu_read_lock(), aligning signaling paths and mitigating the deadlock and a potential remote denial of service via TCP URG packets.
Potential Impact
The vulnerability can cause a system deadlock leading to denial of service, triggered remotely through TCP URG packets. There is no impact on confidentiality or integrity, but availability is severely affected due to the deadlock condition. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The described fix replaces the tasklist_lock with rcu_read_lock() in the signaling path to prevent deadlocks. Until an official patch is available, monitoring for unusual system hangs related to TCP URG packets may be prudent.
GHSA-9h35-hqff-9v3w
Description
A deadlock vulnerability exists in the Linux kernel's fasync signaling mechanism involving unsafe lock order between SOFTIRQ-safe and SOFTIRQ-unsafe contexts. This occurs when process groups receive signals via send_sigio() or send_sigurg(), potentially causing a system hang. The issue arises from the use of read_lock(&tasklist_lock) in softirq context, which conflicts with write_lock attempts in process context, leading to deadlock. The vulnerability can be triggered remotely via TCP URG packets, resulting in a denial of service. The fix involves replacing the tasklist_lock with rcu_read_lock() for safe traversal, eliminating the deadlock condition.
CVSS v3.1
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in the Linux kernel involves a deadlock caused by an unsafe lock order between SOFTIRQ-safe and SOFTIRQ-unsafe contexts during fasync signaling for process groups. Specifically, send_sigio() and send_sigurg() functions use read_lock(&tasklist_lock) while operating in softirq context, conflicting with write_lock(&tasklist_lock) attempts in process context (e.g., fork() or exit()). This leads to a deadlock when a softirq interrupts a process holding a read lock and tries to acquire the same lock again while a writer is waiting. The root cause is the rwlock writer fairness mechanism combined with lock acquisition order. Since PID hashing and task traversal are already RCU-protected, the patch replaces tasklist_lock with rcu_read_lock(), aligning signaling paths and mitigating the deadlock and a potential remote denial of service via TCP URG packets.
Potential Impact
The vulnerability can cause a system deadlock leading to denial of service, triggered remotely through TCP URG packets. There is no impact on confidentiality or integrity, but availability is severely affected due to the deadlock condition. No known exploits are reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. The described fix replaces the tasklist_lock with rcu_read_lock() in the signaling path to prevent deadlocks. Until an official patch is available, monitoring for unusual system hangs related to TCP URG packets may be prudent.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-9h35-hqff-9v3w
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-52946"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 3.1
Threat ID: 6a42ed7127e9c79719939186
Added to database: 06/29/2026, 22:10:57 UTC
Last enriched: 06/29/2026, 22:37:42 UTC
Last updated: 06/29/2026, 23:08:35 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.