CVE-2024-26686

Advisory lineage Upstream: 0 Downstream: 21
Modified
Published: 03 Apr 2024, 14:54
Last modified:11 May 2026, 20:02

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.01% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Apr 2024, 14:54
Published
Vulnerability first disclosed
11 May 2026, 20:02
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call do_task_stat() at the same time and the process has NR_THREADS, it will spin with irqs disabled O(NR_CPUS * NR_THREADS) time. Change do_task_stat() to use sig->stats_lock to gather the statistics outside of ->siglock protected section, in the likely case this code will run lockless.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 1%

Techniques & Countermeasures

  • CWE-667Improper Locking

    The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Affected Systems

  • linuxlinux

    ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 4fe85bdaabd63f8f8579b24a10ed597c9c482164 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 0c35d1914353799c54fa1843fe7dea6fcbcdbac5 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 3820b0fac7732a653bcc6f6ac20c1d72e697f8f6 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 27978243f165b44e342f28f449b91327944ea071 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 7601df8031fd67310af891897ef6cc0df4209305 | 2.6.12

  • linuxlinux_kernel

    < 6.1.82 | ≥ 6.2, < 6.7.6 | 6.8:rc1 | 6.8:rc2 | 6.8:rc3

References (7)