Local Privilege Escalation Vulnerability in Linux Kernel
CVE-2026-45838

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-45838?

A vulnerability exists in the Linux kernel in the function that retrieves keys from a cgroup storage: it mishandles the last entry. Specifically, list_next_entry() does not return NULL when the end of the list is reached, so the pointer it yields does not refer to a valid entry and is dereferenced anyway. Data is then copied from an invalid location, which could disclose sensitive data to userspace. The issue has been resolved by adding a proper check so that the function returns an error when there are no remaining entries.
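The end-of-list condition described above, modelled in userspace C as an added example; it is not the kernel's code or the actual patch. The struct and function names are hypothetical, the list macro is a simplified stand-in for the kernel's list helpers, and the data is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Userspace model of a kernel-style circular list; all names are hypothetical. */
struct list_head { struct list_head *next, *prev; };
#define list_entry(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))
struct storage { unsigned long key; struct list_head node; };
struct map { unsigned long private_data; struct list_head head; };

static void map_add_tail(struct map *m, struct storage *s)
{
    s->node.prev = m->head.prev;
    s->node.next = &m->head;
    m->head.prev->next = &s->node;
    m->head.prev = &s->node;
}

/* Flawed: the "entry" after the last one is never NULL. It is the list head
 * reinterpreted as a storage entry, so the copy reads the map's own field. */
static int get_next_key_flawed(struct storage *cur, unsigned long *out)
{
    struct storage *next = list_entry(cur->node.next, struct storage, node);
    if (!next)                          /* never true on a circular list */
        return -ENOENT;
    memcpy(out, &next->key, sizeof(*out));
    return 0;
}

/* Checked: compare the next node against the head before using it. */
static int get_next_key_checked(struct map *m, struct storage *cur, unsigned long *out)
{
    if (cur->node.next == &m->head)     /* cur was the last entry */
        return -ENOENT;
    memcpy(out, &list_entry(cur->node.next, struct storage, node)->key,
           sizeof(*out));
    return 0;
}

int main(void)
{
    struct map m = { 0xC0FFEE, { &m.head, &m.head } };  /* constructed data */
    struct storage a = { .key = 1 }, b = { .key = 2 };
    unsigned long k = 0;
    map_add_tail(&m, &a);
    map_add_tail(&m, &b);
    int leaked = get_next_key_flawed(&b, &k) == 0 && k == 0xC0FFEE;
    return leaked && get_next_key_checked(&m, &b, &k) == -ENOENT ? 0 : 1;
}
```

In this model the flawed lookup on the last entry reports success and hands back the neighbouring `private_data` field as if it were a key, while the checked version returns `-ENOENT` and leaves the output untouched.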

Affected Version(s)

Linux de9cbbaadba5adf88a19e46df61f7054000838f6

Linux de9cbbaadba5adf88a19e46df61f7054000838f6 < 85a2f30e40f7468db732f55659bc6318874f49af

Linux de9cbbaadba5adf88a19e46df61f7054000838f6 < 32ce55d424395904986f5066f8755f6cb9993377

Timeline

  • Vulnerability published

  • Vulnerability Reserved
