CVE-2026-23199

N/A Unknown

📋 TL;DR

CVE-2026-23199 is a deadlock in the Linux kernel's procfs code: build ID information for a memory mapping was fetched while a VMA lock was still held, and under the right timing the kernel can deadlock, hanging the calling task and potentially any other task that later contends for the same locks. The impact is availability only (hangs, not memory corruption), and triggering it needs local code execution plus access to the relevant procfs entries. The fix is the set of stable commits listed under Fix & Mitigation; no affected version ranges have been published, so every kernel build that predates those commits should be treated as affected until confirmed otherwise.

💻 Affected Systems

Products:
  • Linux kernel
Versions: No version ranges are published. Kernel builds that predate the fix commits listed under Fix & Mitigation should be treated as affected; confirm against your distribution's advisory or package changelog, since distributions backport fixes without changing the upstream version number.
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Triggering the deadlock requires access to the relevant procfs entries plus a specific timing window. procfs is mounted by default on nearly every distribution, so the default configuration is exposed.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

A task deadlocks while holding a VMA lock, other tasks that touch the same address space hang behind it, and the host becomes unresponsive and needs a hard reboot. Where kernel.hung_task_panic or the lockup watchdog's panic option is enabled, the hang is turned into a kernel panic rather than a silent stall.

🟠 Likely Case

Individual processes hang and hung-task warnings appear in the kernel log when the affected procfs operations are performed; throughput on the host degrades until it is rebooted.

🟢 If Mitigated

Minimal impact: the deadlock needs a specific timing window and a specific procfs access pattern, and a patched kernel removes the trigger entirely.

🌐 Internet-Facing: LOW - Requires local access or ability to execute code on the system
🏢 Internal Only: MEDIUM - Local users or processes could trigger deadlock conditions affecting system stability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to trigger specific procfs operations with precise timing

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing fixes from git commits b5cbacd7f86f4f62b8813688c8e73be94e8e1951, b9b97e6aeb534315f9646b2090d1a5024c6a4e82, cbc03ce3e6ce7e21214c3f02218213574c1a2d08

Vendor Advisory: https://git.kernel.org/stable/c/b5cbacd7f86f4f62b8813688c8e73be94e8e1951

Restart Required: Yes

Instructions:

1. Update the Linux kernel to a build that carries the fix, from your distribution vendor.
2. Reboot the system to load the new kernel.
3. Verify the running kernel version after the reboot.

🔧 Temporary Workarounds

Restrict procfs access

Linux

Hide other users' process directories so that an unprivileged user can only reach the procfs entries of their own processes. This narrows who can reach the affected code path; it does not remove it, because a user can still trigger the deadlock through entries for processes they own. hidepid=2 also breaks ps, top and similar tools for unprivileged users unless a monitoring group is exempted with the gid= mount option.

mount -o remount,hidepid=2 /proc

Tightening the mode of the mount point itself is a blunter option:

chmod 750 /proc

Treat this as a last resort: it is not persistent across reboots, and it blocks all unprivileged access to /proc, including /proc/self, which many ordinary programs rely on.

🧯 If You Can't Patch

  • Implement strict access controls on the /proc filesystem (hidepid=2, with a gid= exemption for monitoring tools) and limit which users can run code on the host
  • Enable the hung task detector (kernel.hung_task_timeout_secs, and kernel.hung_task_panic if an automatic reboot is preferable to a silent hang), monitor for its warnings, and have reboot procedures ready

🔍 How to Verify

Check if Vulnerable:

Compare the running kernel against the first stable release that contains the fix commits listed under Fix & Mitigation. A version number alone cannot see backports: on distribution kernels, also search the package changelog for the commit IDs.

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel is a build containing the fix commits (stable release notes or the distribution changelog), then exercise the procfs operations that previously hung and confirm they complete normally.
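The version comparison described above, as an added example (not code from the CVE page, the kernel project or any distribution): a POSIX sh script that parses `uname -r`-style strings and checks the running kernel against a per-series table of first-fixed releases. The table values in the block are constructed placeholders; the real first-fixed release of each stable series must be taken from the stable branches that contain the fix commits or from your distribution's advisory. Because version comparison cannot see backports, on distribution kernels this is only a first pass before checking the changelog for the commit IDs.

```shell
#!/bin/sh
# Added example, not from the CVE page or the kernel project.
# Checks a kernel version string against a per-series "first fixed release"
# table. The table below is a CONSTRUCTED PLACEHOLDER: fill in the real
# first-fixed release of each stable series from the commits in the advisory.

# kver_fields "6.12.9-amd64" -> "6 12 9"; missing fields become 0.
kver_fields() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//' | awk -F. '{ printf "%d %d %d\n", $1, $2, $3 }'
}

# kver_ge A B: succeed (exit 0) when version A is >= version B.
kver_ge() {
    set -- $(kver_fields "$1") $(kver_fields "$2")
    [ "$1" -ne "$4" ] && { [ "$1" -gt "$4" ]; return; }
    [ "$2" -ne "$5" ] && { [ "$2" -gt "$5" ]; return; }
    [ "$3" -ge "$6" ]
}

# check_kernel RUNNING TABLE
# TABLE holds one "<major.minor> <first-fixed-release>" pair per line.
# Prints a verdict and returns 0 = fixed, 1 = vulnerable, 2 = series unknown.
check_kernel() {
    running=$1
    series=$(kver_fields "$running" | awk '{ print $1 "." $2 }')
    fixed=$(printf '%s\n' "$2" | awk -v s="$series" '$1 == s { print $2 }')
    if [ -z "$fixed" ]; then
        echo "UNKNOWN: no fix data for $series series"
        return 2
    elif kver_ge "$running" "$fixed"; then
        echo "FIXED: $running >= $fixed"
        return 0
    else
        echo "VULNERABLE: $running < $fixed"
        return 1
    fi
}

# PLACEHOLDER table (assumption, not real data): replace every second column
# with the first release of that series that contains the fix commits.
EXAMPLE_TABLE="6.6 6.6.999
6.12 6.12.999
6.18 6.18.999"

# Stand-alone run against the live kernel. The exit status is ignored here
# only so the script continues; automation should act on the return code.
check_kernel "$(uname -r)" "$EXAMPLE_TABLE" || :
```

A series that is missing from the table is reported as UNKNOWN rather than FIXED, so an unmaintained or vendor-specific kernel is never silently marked safe.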

📡 Detection & Monitoring

Log Indicators:

  • Hung task detector reports in dmesg or the journal: "INFO: task <name>:<pid> blocked for more than N seconds."
  • Soft or hard lockup reports from the watchdog ("BUG: soft lockup - CPU#n stuck for ...")
  • Kernel panic messages, which appear only if kernel.hung_task_panic or the lockup watchdog's panic option is enabled

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search kernel log sources for: 'blocked for more than', 'soft lockup', 'hung_task', 'kernel panic'
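The hung-task indicators above, checked in code as an added example (not from the CVE page or the kernel project): a POSIX sh function that runs awk over kernel log lines and reports each hung-task and soft-lockup event with the task name and PID. The sample log lines are constructed for the example; the message formats follow the kernel's hung-task detector and soft-lockup watchdog. Feed it `journalctl -k` or `dmesg` output.

```shell
#!/bin/sh
# Added example, not from the CVE page or the kernel project.
# hung_task_report reads kernel log lines on stdin and prints one line per
# hung-task or soft-lockup report; exit status 1 if any were found, else 0.
hung_task_report() {
    awk '
        # "INFO: task <name>:<pid> blocked for more than <N> seconds."
        # Task names may themselves contain ":" (kworker/u8:3), so the PID is
        # taken from the last ":<digits>" of the task field.
        /INFO: task .* blocked for more than [0-9]+ seconds/ {
            match($0, /task .* blocked/)
            t = substr($0, RSTART + 5, RLENGTH - 13)
            i = match(t, /:[0-9]+$/)
            name = substr(t, 1, i - 1); pid = substr(t, i + 1)
            match($0, /more than [0-9]+/)
            secs = substr($0, RSTART + 10, RLENGTH - 10)
            printf "hung-task %s %s %s\n", name, pid, secs
            n++
        }
        # "watchdog: BUG: soft lockup - CPU#<n> stuck for <t>s! [<name>:<pid>]"
        /BUG: soft lockup - CPU#[0-9]+ stuck/ {
            match($0, /CPU#[0-9]+/)
            printf "soft-lockup cpu%s\n", substr($0, RSTART + 4, RLENGTH - 4)
            n++
        }
        END { if (n > 0) exit 1; exit 0 }
    '
}

# Constructed sample lines (not a real capture); the message formats follow
# the kernel hung-task detector and soft-lockup watchdog. The sshd line and
# the "echo 0 > ..." hint line must not be reported.
SAMPLE_LOG='Jan 10 12:00:01 host kernel: INFO: task cat:4321 blocked for more than 122 seconds.
Jan 10 12:00:01 host kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Jan 10 12:00:02 host kernel: INFO: task kworker/u8:3:77 blocked for more than 122 seconds.
Jan 10 12:03:00 host kernel: watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [perf:5678]
Jan 10 12:04:00 host sshd[900]: Accepted publickey for alice from 10.0.0.5 port 50000 ssh2'

# Stand-alone run over the sample; in production:  journalctl -k | hung_task_report
printf '%s\n' "$SAMPLE_LOG" | hung_task_report || :
```

The non-zero exit status on a match makes the function usable directly as a cron or monitoring probe; a burst of hung-task reports naming tasks that were reading procfs is the pattern to alert on for this CVE, while a single soft-lockup line with no hung tasks usually points elsewhere.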
