CVE-2026-52973: In the Linux kernel, the following vulnerability has been resolved: futex: Drop CLONE_THREAD requirement for private de
Summary
A vulnerability in the Linux kernel's futex (fast userspace mutex, a synchronization mechanism for threads) system was found where the code incorrectly required CLONE_THREAD (a flag that clones thread properties) when allocating hash tables, causing memory safety bugs when processes shared memory in other ways. The fix loosens this requirement to allow any CLONE_VM clone (memory sharing between processes) except vfork() (a process creation method), which prevents the memory corruption issue while avoiding unnecessary overhead.
Solution / Mitigation
Loosen the check to cover any CLONE_VM clone, except vfork(). Excluding vfork keeps the existing paths untouched (no overhead), and the vulnerability cannot occur because either the parent is suspended and the child runs alone, or mm->futex_ref is already allocated from an earlier CLONE_VM.
Vulnerability Details
EPSS: 0.0%
June 24, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-52973
First tracked: June 24, 2026 at 02:02 PM
Classified by LLM (prompt v3) · confidence: 95%