CVE-2026-43178

May 6, 2026, 1:07 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), so original goto out is now wrong and will double-mmput() mm_struct. Fix by jumping further to clean up only vm_file and name_buf.

Product(s) Impacted

Vendor Product Versions
Linux
  • Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux kernel / / / / / / / /

References

https://git.kernel.org/stable/c/61dc9f776705d6db6847c101b98fa4f0e9eb6fa3
https://git.kernel.org/stable/c/8adaff87db143583e08eec4f4e7788f1ef8af94d
https://git.kernel.org/stable/c/90f5e87c9b75833b9ef3a4415b92c0247f28ab2f
https://git.kernel.org/stable/c/f9fe092084cd04deea18747f58a2304026e76aaa

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-05-06
CVE-2026-43178

Timeline

Published: May 6, 2026, 12:16 p.m.
Last Modified: May 6, 2026, 1:07 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.