Updated: 2026-02-27 02:24:23.493919
Description:
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without `other`'s lock held and check if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwise KCSAN will report a data-race.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 4.7 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 4.7 | MEDIUM | Ignored | 2025-05-07 04:16:33 | This flaw is exploitable only by a local user who can run code and reliably trigger a race in the AF... | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 4.7 | MEDIUM | Ignored | 2025-03-18 02:18:47 | Ignored due to low severity | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 4.7 | MEDIUM | Ignored | 2025-03-18 02:18:48 | Ignored due to low severity | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 4.7 | MEDIUM | Ignored | 2025-03-17 23:16:01 | Ignored due to low severity | |
| Ubuntu 16.04 ELS | linux | 4.4.0 | 4.7 | MEDIUM | Ignored | 2025-03-17 23:15:52 | Ignored due to low severity |