wid-sec-w-2026-0809 · Published 2026-03-19 · View on BSI CERT-Bund ↗

Linux Kernel: Multiple Vulnerabilities

CVSS 7.8 HIGH

Risk Summary

In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up running it with only preemption disabled. This opens up a race vs perf_event_exit_event() and friends that will go and free various things the overflow path expects to be present, like the BPF program.

CVEs (8)

CVE-2026-23271 CVE-2026-23272 CVE-2026-23273 CVE-2026-23274 CVE-2026-23275 CVE-2026-23276 CVE-2026-23277 CVE-2026-23278

Affected Vendors

Amazon Google Open Source

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more