CVE-2026-53341: In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked ->mnt_ns read in m
Summary
A use-after-free vulnerability (UAF, where code accesses memory that has already been freed) exists in the Linux kernel's fhandle code because the may_decode_fh() function reads mount namespace data without holding locks, allowing another thread to free that memory concurrently. The bug only triggers if certain kernel configuration options are enabled and requires specific timing conditions.
Solution / Mitigation
Fix it by taking rcu_read_lock() (a read-side lock for RCU, a synchronization mechanism that protects concurrent access) around the mount::mnt_ns access, like in __prepend_path(). Additionally, document the semantics of mount::mnt_ns, and use WRITE_ONCE() (a compiler directive that ensures a value is written exactly once without optimization) for writers that can race with lockless readers.
Vulnerability Details
EPSS: 0.0%
July 1, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-53341
First tracked: July 1, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 95%