CVE-2026-52973
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
In the Linux kernel, a vulnerability was found in the futex mechanism where need_futex_hash_allocate_default() incorrectly required the CLONE_THREAD flag for default hash allocation. This caused use-after-free bugs when sharing memory (mm) in ways other than threads, e.g., via child processes.
Risk Assessment
The organization is at risk of system crashes and potential privilege escalation due to a use-after-free bug in the kernel, which could lead to unauthorized memory access or system hangs.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit removing the CLONE_THREAD requirement and adding CLONE_VM support excluding vfork).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for private default hash alloc Currently need_futex_hash_allocate_default() depends on strict pthread semantics, abusing CLONE_THREAD. This breaks the non-concurrency assumptions when doing the mm->futex_ref pcpu allocations, leading to bugs[0] when sharing the mm in other ways; ie: BUG: KASAN: slab-use-after-free in futex_hash_put ... where the +1 bias can end up on a percpu counter that mm->futex_ref no longer points at. Loosen the check to cover any CLONE_VM clone, except vfork(). Excluding vfork keeps the existing paths untouched (no overhead), and we can't race in the first place: either the parent is suspended and the child runs alone, or mm->futex_ref is already allocated from an earlier CLONE_VM.

