CVE-2026-53166 | In the Linux kernel, the following vulnerability has been re…

Description

In the Linux kernel, the following vulnerability has been resolved: futex/requeue: Prevent NULL pointer dereference in remove_waiter() on self-deadlock When FUTEX_CMP_REQUEUE_PI requeues a non-top waiter that already owns the target PI futex, task_blocks_on_rt_mutex() returns -EDEADLK before setting waiter->task. The subsequent remove_waiter() in rt_mutex_start_proxy_lock() dereferences the NULL waiter->task, causing a kernel crash. Add a self-deadlock check for non-top waiters before calling rt_mutex_start_proxy_lock(), analogous to the top-waiter check in futex_lock_pi_atomic().

Metadata

CVE ID: CVE-2026-53166
State: PUBLISHED
Assigner: Linux
Reserved: 2026-06-09 07:44 UTC
Published: 2026-06-25 08:38 UTC
Last updated: 2026-06-25 08:38 UTC
Vendor / Product: Linux / Linux
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (2)

Vendor	Product	Platform	Versions
Linux	Linux	—	3fb7394a837740770f0d6b4b30567e60786a63f2 < 16f8e17184b31382076f84751db5ac51fc02733e, 88614876370aac8ad1050ad785a4c095ba17ac11 < 1f2f3f3eacd6653ab215c5d2ea70811148d433fc, 3bfdc63936dd4773109b7b8c280c0f3b5ae7d349 < 74e144274af39935b0f410c0ee4d2b91c3730414, d8cce4773c2b23d819baf5abedc62f7b430e8745 …
Linux	Linux	—	6.18.27 < 6.18.36, 7.0.4 < 7.0.13

References (3)