Skip to main content

Linux Kernel EUVDEUVD-2026-27558

| CVE-2026-43074 HIGH
Memory Leak (CWE-401)
2026-05-06 Linux
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
7.0 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 08, 2026 - 13:23 vuln.today
CVSS changed
May 08, 2026 - 13:22 NVD
7.8 (HIGH)
Patch available
May 06, 2026 - 11:01 EUVD
CVE Published
May 06, 2026 - 07:21 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

eventpoll: defer struct eventpoll free to RCU grace period

In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer the kfree() to an RCU callback to prevent UAF.

AnalysisAI

Use-after-free in Linux kernel eventpoll subsystem allows local authenticated attackers with low privileges to achieve high-impact compromise including arbitrary code execution, privilege escalation, or system crash. The vulnerability stems from premature deallocation of the eventpoll structure while still in use by concurrent threads, creating a race condition exploitable on systems running affected kernel versions 6.4 through 6.19.x and 6.6.x through 6.12.x. Vendor patches available across all affected stable branches with EPSS indicating low widespread exploitation probability (0.02%, 5th percentile), though local access requirements limit attack surface to already-authenticated users or containerized environments.

Technical ContextAI

The eventpoll (epoll) subsystem in the Linux kernel provides scalable I/O event notification mechanisms used extensively by high-performance network services and applications. The vulnerability exists in eventpoll.c where the ep_free() function prematurely calls kfree() to deallocate the eventpoll structure (epi->ep) while another concurrent thread may still hold references to it, creating a classic use-after-free condition. This race condition occurs because the original code lacked proper RCU (Read-Copy-Update) synchronization to ensure all threads complete their read-side critical sections before memory reclamation. The fix defers the kfree() operation to an RCU grace period callback, guaranteeing that no thread can access freed memory. This affects systems using epoll file descriptors for event monitoring, which includes most modern Linux servers running web servers, databases, and containerized workloads. CPE data confirms impact across multiple Linux kernel version branches from the 6.4 introduction point forward.

RemediationAI

Upgrade to patched Linux kernel versions immediately: 6.6.136 or later for 6.6.x series, 6.12.83 or later for 6.12.x series, 6.18.24 or later for 6.18.x series, 6.19.14 or later for 6.19.x series, or 7.0 for mainline users. Patches are available from the Linux kernel stable tree at https://git.kernel.org/stable/ with specific fix commits documented in the references. For systems where immediate kernel upgrade is not feasible, implement compensating controls: restrict local user access to trusted administrators only (reduces attack surface by eliminating PR:L threat actors), deploy mandatory access control frameworks (SELinux/AppArmor) with policies preventing unprivileged users from triggering epoll operations in sensitive contexts (adds defense layer but does not eliminate the race condition), and enable kernel address space layout randomization and other exploit mitigations to increase exploitation difficulty (note: determined local attackers with UAF primitives can often bypass ASLR). Monitor systems for abnormal epoll usage patterns or unexpected kernel panics in eventpoll code paths as potential exploitation indicators. Important: compensating controls only reduce risk - they do not fix the underlying race condition, so kernel patching remains the definitive remediation.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27558 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy