GHSA-h72j-p4f7-vrcj
A race condition vulnerability in the Linux kernel's unix_gc() function could cause the gc_in_progress flag to be false during garbage collection, potentially confusing the garbage collector when MSG_PEEK is used. This issue arises from concurrent scheduling of garbage collection work without properly setting the gc_in_progress flag. The vulnerability has been addressed by ensuring gc_in_progress is set to true within unix_gc().
AI Analysis
Technical Summary
The vulnerability involves the unix_gc() function in the Linux kernel where the gc_in_progress flag may be incorrectly set to false during concurrent garbage collection scheduling. This occurs when multiple threads schedule garbage collection work simultaneously, leading to a state where unix_peek_fpl() could be misled by the gc_in_progress flag being false during MSG_PEEK operations. The fix involves setting gc_in_progress to true inside unix_gc() to prevent this race condition.
Potential Impact
If exploited, this race condition could cause the garbage collector to behave incorrectly during MSG_PEEK operations, potentially leading to inconsistent or unexpected behavior in the kernel's Unix socket garbage collection. No known exploits are reported in the wild. The exact impact on system stability or security is not detailed in the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official patch or fix details are provided in the available data. Users should monitor official Linux kernel advisories for updates addressing this issue.
GHSA-h72j-p4f7-vrcj
Description
A race condition vulnerability in the Linux kernel's unix_gc() function could cause the gc_in_progress flag to be false during garbage collection, potentially confusing the garbage collector when MSG_PEEK is used. This issue arises from concurrent scheduling of garbage collection work without properly setting the gc_in_progress flag. The vulnerability has been addressed by ensuring gc_in_progress is set to true within unix_gc().
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability involves the unix_gc() function in the Linux kernel where the gc_in_progress flag may be incorrectly set to false during concurrent garbage collection scheduling. This occurs when multiple threads schedule garbage collection work simultaneously, leading to a state where unix_peek_fpl() could be misled by the gc_in_progress flag being false during MSG_PEEK operations. The fix involves setting gc_in_progress to true inside unix_gc() to prevent this race condition.
Potential Impact
If exploited, this race condition could cause the garbage collector to behave incorrectly during MSG_PEEK operations, potentially leading to inconsistent or unexpected behavior in the kernel's Unix socket garbage collection. No known exploits are reported in the wild. The exact impact on system stability or security is not detailed in the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official patch or fix details are provided in the available data. Users should monitor official Linux kernel advisories for updates addressing this issue.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-h72j-p4f7-vrcj
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-53361"]
- Ecosystems
- []
- Database Specific Severity
- null
- Cvss Version
- null
Threat ID: 6a498a7327e9c7971936e8c8
Added to database: 07/04/2026, 22:34:27 UTC
Last enriched: 07/04/2026, 22:37:27 UTC
Last updated: 07/05/2026, 00:51:24 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.