CVE-2026-23380

Description

In the Linux kernel, the following vulnerability has been resolved:tracing: Fix WARN_ON in tracing_buffers_mmap_closeWhen a process forks, the child process copies the parents VMAs but theuser_mapped reference count is not incremented. As a result, when both theparent and child processes exit, tracing_buffers_mmap_close() is calledtwice. On the second call, user_mapped is already 0, causing the function toreturn -ENODEV and triggering a WARN_ON.Normally, this isnt an issue as the memory is mapped with VM_DONTCOPY set.But this is only a hint, and the application can callmadvise(MADVISE_DOFORK) which resets the VM_DONTCOPY flag. When theapplication does that, it can trigger this issue on fork.Fix it by incrementing the user_mapped reference count without re-mappingthe pages in the VMAs open callback.

Risk Information

Base Score

3.3

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS Score

Exploitation Probability

0.023

Associated Vulnerability

No records found

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234