Race Condition in Linux Kernel's ATM Module Affects Multithreaded Environment
CVE-2026-43050

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43050?

A race condition in the ATM module of the Linux kernel allows for a use-after-free vulnerability due to improper synchronization when accessing a socket. This occurs in functions like send_to_lecd() and lec_atm_send() when the socket is freed via RCU while still in use. The vulnerability arises because the setter function lec_atm_close() clears a pointer without adequate protection, leading to potential exploitation in multithreaded environments. The resolution involves transitioning to RCU-protected pointers to ensure safe access during concurrent execution, thus mitigating the risks associated with simultaneous socket operations.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 3e8b25f32f2f35549d03d77da030a24a45bdef5b

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 750a33f417f3d196b86375f8d9f8938bacf130fe

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 317843d5355062020649124eb4a0d7acbcc3f53e

References

https://git.kernel.org/stable/c/3e8b25f32f2f35549d03d77da...

https://git.kernel.org/stable/c/750a33f417f3d196b86375f8d...

https://git.kernel.org/stable/c/317843d5355062020649124eb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43050 Data

JSON