CVE-2026-43178 PUBLISHED

procfs: fix possible double mmput() in do_procmap_query()

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

procfs: fix possible double mmput() in do_procmap_query()

When user provides incorrectly sized buffer for build ID for PROCMAP_QUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocked mmap_lock/per-VMA lock and did mmput(), so original goto out is now wrong and will double-mmput() mm_struct. Fix by jumping further to clean up only vm_file and name_buf.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from b9b97e6aeb534315f9646b2090d1a5024c6a4e82 to f9fe092084cd04deea18747f58a2304026e76aaa (excl.) affected from cbc03ce3e6ce7e21214c3f02218213574c1a2d08 to 8adaff87db143583e08eec4f4e7788f1ef8af94d (excl.) affected from b5cbacd7f86f4f62b8813688c8e73be94e8e1951 to 90f5e87c9b75833b9ef3a4415b92c0247f28ab2f (excl.) affected from b5cbacd7f86f4f62b8813688c8e73be94e8e1951 to 61dc9f776705d6db6847c101b98fa4f0e9eb6fa3 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.19 is affected unaffected from 0 to 6.19 (excl.) unaffected from 6.12.75 to 6.12.* (incl.) unaffected from 6.18.16 to 6.18.* (incl.) unaffected from 6.19.6 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-43178 PUBLISHED

procfs: fix possible double mmput() in do_procmap_query()

Product Status

References