{"id":"CVE-2026-23271","summary":"perf: Fix __perf_event_overflow() vs perf_remove_from_context() race","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program.","modified":"2026-04-02T13:12:19.377376Z","published":"2026-03-20T08:08:46.711Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23271.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/3f89b61dd504c5b6711de9759e053b082f9abf12"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4df1a45819e50993cb351682a6ae8e7ed2d233a0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4f8d5812337871227bb2c98669a87c306a2f86ef"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5c48fdc4b4623533d86e279f51531a7ba212eb87"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bb190628fe5f2a73ba762a9972ba16c5e895f73e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23271.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23271"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"592903cdcbf606a838056bae6d03fc557806c914"},{"fixed":"4df1a45819e50993cb351682a6ae8e7ed2d233a0"},{"fixed":"4f8d5812337871227bb2c98669a87c306a2f86ef"},{"fixed":"5c48fdc4b4623533d86e279f51531a7ba212eb87"},{"fixed":"3f89b61dd504c5b6711de9759e053b082f9abf12"},{"fixed":"bb190628fe5f2a73ba762a9972ba16c5e895f73e"},{"fixed":"c9bc1753b3cc41d0e01fbca7f035258b5f4db0ae"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23271.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.31"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23271.json"}}],"schema_version":"1.7.5"}