PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52991 Linux CVE debrief

CVE-2026-52991 is a high-severity use-after-free vulnerability in the Linux kernel. The vulnerability exists in the pressure write and cgroup file release paths of the sched/psi subsystem. An attacker with local access and low privileges can exploit this vulnerability to achieve code execution or denial of service. The vulnerability was introduced due to a race condition between pressure write and cgroup file release regarding the priv member of struct kernfs_open_file. The issue can be resolved by extending the scope of the cgroup_mutex lock within pressure_write() to encompass all code paths involving of->priv, thereby properly synchronizing the race condition occurring between cgroup_file_release() and pressure_write().

Vendor
Linux
Product
Unknown
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-24
Original CVE updated
2026-06-28
Advisory published
2026-06-24
Advisory updated
2026-06-28

Who should care

Linux kernel developers and maintainers, Linux distribution vendors, cloud providers, and end-users of Linux-based systems should be aware of this vulnerability. This vulnerability can be exploited by an attacker with local access and low privileges, making it a significant concern for systems that run Linux kernels. Linux kernel developers and maintainers should review and apply the provided patches to fix the vulnerability. Linux distribution vendors should update their kernel packages to include the fix. Cloud providers should ensure that their Linux-based virtual machines and containers are updated with the patched kernel. End-users of Linux-based systems should update their kernel to the latest version that includes the fix.

Technical summary

The vulnerability exists in the pressure write and cgroup file release paths of the sched/psi subsystem in the Linux kernel. The issue is caused by a race condition between pressure write and cgroup file release regarding the priv member of struct kernfs_open_file. An attacker with local access and low privileges can exploit this vulnerability to achieve code execution or denial of service. The vulnerability can be triggered by writing to the memory.pressure file in the cgroup filesystem. The issue can be resolved by extending the scope of the cgroup_mutex lock within pressure_write() to encompass all code paths involving of->priv, thereby properly synchronizing the race condition occurring between cgroup_file_release() and pressure_write(). Additionally, the operation to retrieve the ctx value must be moved to a point after the live kn lock has been successfully acquired.

Defensive priority

High

Recommended defensive actions

  • Apply the provided patches to fix the vulnerability
  • Update Linux kernel packages to the latest version that includes the fix
  • Ensure that Linux-based virtual machines and containers are updated with the patched kernel
  • Monitor Linux kernel updates and apply patches promptly
  • Consider implementing additional security measures such as SELinux or AppArmor to restrict access to sensitive files and directories

Evidence notes

The vulnerability was reported by an unknown source and is tracked as CVE-2026-52991. The CVSS score for this vulnerability is 7.8, indicating a high severity. The vulnerability affects the Linux kernel and can be exploited by an attacker with local access and low privileges. The issue can be resolved by extending the scope of the cgroup_mutex lock within pressure_write() to encompass all code paths involving of->priv.

Official resources

This article was generated with AI assistance based on the supplied source corpus.