Wind River Support Network

HomeDefectsLIN1025-15433
Fixed

LIN1025-15433 : Security Advisory - linux - CVE-2026-46259

Created: Jun 4, 2026    Updated: Jun 9, 2026
Resolved Date: Jun 4, 2026
Found In Version: 10.25.33.2
Fix Version: 10.25.33.8
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:  procfs: fix missing RCU protection when reading real_parent in do_task_stat()  When reading /proc/[pid]/stat, do_task_stat() accesses task->real_parent without proper RCU protection, which leads to:    cpu 0                               cpu 1   -----                               -----   do_task_stat     var = task->real_parent                                       release_task                                         call_rcu(delayed_put_task_struct)     task_tgid_nr_ns(var)       rcu_read_lock   <--- Too late to protect task->real_parent!       task_pid_ptr    <--- UAF!       rcu_read_unlock  This patch uses task_ppid_nr_ns() instead of task_tgid_nr_ns() to add proper RCU protection for accessing task->real_parent.

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube