{"cve":{"cve_id":"CVE-2026-52977","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Prevent lockup in requeue-PI during signal/ timeout wakeup\n\nDuring wait-requeue-pi (task A) and requeue-PI (task B) the following\nrace can happen:\n\n     Task A                             Task B\n  futex_wait_requeue_pi()\n    futex_setup_timer()\n    futex_do_wait()\n                                   futex_requeue()\n                                        CLASS(hb, hb1)(&key1);\n                                        CLASS(hb, hb2)(&key2);\n        *timeout*\n    futex_requeue_pi_wakeup_sync()\n        requeue_state = Q_REQUEUE_PI_IGNORE\n\n    *blocks on hb->lock*\n\n                                        futex_proxy_trylock_atomic()\n                                          futex_requeue_pi_prepare()\n                                            Q_REQUEUE_PI_IGNORE => -EAGAIN\n                                        double_unlock_hb(hb1, hb2)\n                                         *retry*\n\nTask B acquires both hb locks and attempts to acquire the PI-lock of the\ntop most waiter (task B). Task A is leaving early due to a signal/\ntimeout and started removing itself from the queue. It updates its\nrequeue_state but can not remove it from the list because this requires\nthe hb lock which is owned by task B.\n\nUsually task A is able to swoop the lock after task B unlocked it.\nHowever if task B is of higher priority then task A may not be able to\nwake up in time and acquire the lock before task B gets it again.\nEspecially on a UP system where A is never scheduled.\n\nAs a result task A blocks on the lock and task B busy loops, trying to\nmake progress but live locks the system instead. Tragic.\n\nThis can be fixed by removing the top most waiter from the list in this\ncase. This allows task B to grab the next top waiter (if any) in the\nnext iteration and make progress.\n\nRemove the top most waiter if futex_requeue_pi_prepare() fails.\nLet the waiter conditionally remove itself from the list in\nhandle_early_requeue_pi_wakeup().","published_at":"2026-06-24T16:28:53.937000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/4e0ed44e51727d56244a822ab941efe507c47966","https://git.kernel.org/stable/c/e3f95b1ba242e37093305812df7fdbe7288a43ac","https://git.kernel.org/stable/c/0aacb6d18f76552e3e0ee25d9f40d21b3486f4cf","https://git.kernel.org/stable/c/69a7cfc66405aeaa2483147653d031b3592ffc9c","https://git.kernel.org/stable/c/0304d60abb9dcc02bc7fe6d1850f4ca206e8f1a0","https://git.kernel.org/stable/c/bc7304f3ae20972d11db6e0b1b541c63feda5f05"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:22.518073Z","updated_at":"2026-06-28T23:30:49.890169Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"07d91ef510fb16a2e0ca7453222105835b7ba3b8","version_start_inclusive":true,"version_end":"4e0ed44e51727d56244a822ab941efe507c47966","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:07d91ef510fb16a2e0ca7453222105835b7ba3b8:4e0ed44e51727d56244a822ab941efe507c47966"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"07d91ef510fb16a2e0ca7453222105835b7ba3b8","version_start_inclusive":true,"version_end":"e3f95b1ba242e37093305812df7fdbe7288a43ac","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:07d91ef510fb16a2e0ca7453222105835b7ba3b8:e3f95b1ba242e37093305812df7fdbe7288a43ac"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"07d91ef510fb16a2e0ca7453222105835b7ba3b8","version_start_inclusive":true,"version_end":"0aacb6d18f76552e3e0ee25d9f40d21b3486f4cf","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:07d91ef510fb16a2e0ca7453222105835b7ba3b8:0aacb6d18f76552e3e0ee25d9f40d21b3486f4cf"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"07d91ef510fb16a2e0ca7453222105835b7ba3b8","version_start_inclusive":true,"version_end":"69a7cfc66405aeaa2483147653d031b3592ffc9c","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:07d91ef510fb16a2e0ca7453222105835b7ba3b8:69a7cfc66405aeaa2483147653d031b3592ffc9c"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"07d91ef510fb16a2e0ca7453222105835b7ba3b8","version_start_inclusive":true,"version_end":"0304d60abb9dcc02bc7fe6d1850f4ca206e8f1a0","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:07d91ef510fb16a2e0ca7453222105835b7ba3b8:0304d60abb9dcc02bc7fe6d1850f4ca206e8f1a0"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"07d91ef510fb16a2e0ca7453222105835b7ba3b8","version_start_inclusive":true,"version_end":"bc7304f3ae20972d11db6e0b1b541c63feda5f05","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:07d91ef510fb16a2e0ca7453222105835b7ba3b8:bc7304f3ae20972d11db6e0b1b541c63feda5f05"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15","version_start_inclusive":true,"version_end":"5.15","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.15:5.15"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"5.15","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:5.15"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.1.175","version_start_inclusive":true,"version_end":"6.1.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.1.175:6.1.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.6.141","version_start_inclusive":true,"version_end":"6.6.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.6.141:6.6.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.91","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.91:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.33","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.33:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.10","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.10:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/4e0ed44e51727d56244a822ab941efe507c47966","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/e3f95b1ba242e37093305812df7fdbe7288a43ac","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/0aacb6d18f76552e3e0ee25d9f40d21b3486f4cf","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/69a7cfc66405aeaa2483147653d031b3592ffc9c","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/0304d60abb9dcc02bc7fe6d1850f4ca206e8f1a0","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/bc7304f3ae20972d11db6e0b1b541c63feda5f05","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-24T16:28:53.937000Z","label":"CVE published","source":null}]}