Use-After-Free Vulnerability in Linux Kernel Affects Various Distributions
CVE-2026-45837
What is CVE-2026-45837?
A use-after-free vulnerability exists in the BPF subsystem of the Linux kernel and is triggered across fork. When a new process is created, the child process inherits a pointer to the parent's virtual memory area (VMA). If the parent process then unmaps this VMA, the child is left referencing a stale pointer, leading to potential exploitation when attempting to free pages. The fix ensures that the VMA is not inherited across forks, using appropriate flags to prevent unwanted operations during memory remapping.
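The "not inherited across forks" behaviour can be observed from userspace. The following is an added illustration, not the kernel patch or code from this advisory: it uses madvise(MADV_DONTFORK) on an ordinary anonymous mapping as a stand-in, since the advisory does not name the flags the fix sets, and the function names are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes mincore() and MADV_DONTFORK */
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if [addr, addr+len) is mapped in this process, 0 if not, -1 on error. */
static int is_mapped(void *addr, size_t len)
{
    unsigned char vec[1]; /* len is exactly one page */
    if (mincore(addr, len, vec) == 0)
        return 1;
    return errno == ENOMEM ? 0 : -1; /* ENOMEM: range is not mapped */
}

/* Map one anonymous page, optionally mark it MADV_DONTFORK, fork, and
 * report whether the child still has the mapping.
 * Returns 1 (inherited), 0 (not inherited), -1 on error. */
int child_inherits_mapping(int dontfork)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if (dontfork && madvise(p, len, MADV_DONTFORK) != 0) {
        munmap(p, len);
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) {
        munmap(p, len);
        return -1;
    }
    if (pid == 0) { /* child: report through the exit status */
        int r = is_mapped(p, len);
        _exit(r < 0 ? 2 : r);
    }
    int status = 0;
    pid_t w = waitpid(pid, &status, 0);
    munmap(p, len);
    if (w != pid || !WIFEXITED(status) || WEXITSTATUS(status) > 1)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("default mapping inherited:       %d\n", child_inherits_mapping(0));
    printf("MADV_DONTFORK mapping inherited: %d\n", child_inherits_mapping(1));
    return 0;
}
```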
Affected Version(s)
Linux 317460317a02a1af512697e6e964298dedd8a163 < 723b9fa930cc277c15ce6b9ec9feec828cfac9d7
Linux 317460317a02a1af512697e6e964298dedd8a163
Linux 317460317a02a1af512697e6e964298dedd8a163 < 201128fcc7b213d27ab77bc4e89488b41796480f