CVE-2026-23159
Description
In the Linux kernel, the following vulnerability has been resolved:perf: sched: Fix perf crash with new is_user_task() helperIn order to do a user space stacktrace the current task needs to be a usertask that has executed in user space. It use to be possible to test if atask is a user task or not by simply checking the task_struct mm field. Ifit was non null, it was a user task and if not it was a kernel task.But things have changed over time, and some kernel tasks now have theirown mm field.An idea was made to instead test PF_KTHREAD and two functions were used towrap this check in case it became more complex to test if a task was auser task or not[1]. But this was rejected and the C code simply checkedthe PF_KTHREAD directly.It was later found that not all kernel threads set PF_KTHREAD. The io-uringhelpers instead set PF_USER_WORKER and this needed to be added as well.But checking the flags is still not enough. Theres a very small windowwhen a task exits that it frees its mm field and it is set back to null.If perf were to trigger at this moment, the flags test would say its auser space task but when perf would read the mm field it would crash withat null pointer dereference.Now there are flags that can be used to test if a task is exiting, butthey are set in areas that perf may still want to profile the user spacetask (to see where it exited). The only real test is to check both theflags and the mm field.Instead of making this modification in every location, create a newis_user_task() helper function that does all the tests needed to know ifit is safe to read the user space memory or not.[1] https://lore.kernel.org/all/20250425204120.639530125@goodmis.org/
Risk Information
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234