CVE-2026-46173
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that allows preemption of a TASK_DEAD task during its exit. This can lead to serious memory issues, such as use-after-free or double-free of the task's stack.
Risk Assessment
Organizations may be exposed to severe memory errors, potentially leading to system crashes or unauthorized data access. In particular, the ability for two tasks to run on the same stack poses a risk of memory corruption.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability. Additionally, monitor systems for unusual behaviors related to memory management.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls __schedule(), which has a comment saying "WARNING: must be called with preemption disabled!". If an oopsing task is preempted in do_task_dead(), between becoming TASK_DEAD and entering the scheduler explicitly, bad things happen: finish_task_switch() assumes that once the scheduler has switched away from a TASK_DEAD task, the task can never run again and its stack is no longer needed; but that assumption apparently doesn't hold if the dead task was preempted (the SM_PREEMPT case). This means that the scheduler ends up repeatedly dropping references on the dead task's stack, which can lead to use-after-free or double-free of the entire task stack; in other words, two tasks can end up running on the same stack, resulting in various kinds of memory corruption. (This does not just affect "recursively oopsing" tasks; it is enough to oops once during task exit, for example in a file_operations::release handler)

