Linux Kernel RT Mutex Waiter Task Handling Vulnerability in Remove Waiter Function

Vulnerability

A vulnerability exists in the Linux kernel's real-time (RT) mutex handling, specifically within the remove_waiter() function. This function is intended to manage task waiters in mutex operations but incorrectly uses the current task context, leading to several issues. The vulnerability affects the Linux kernel stable tree and has been addressed in a recent commit.

Impact

The vulnerability can lead to a use-after-free condition by leaving a dangling pointer after a task is removed from the wait queue, potentially allowing for arbitrary memory access.

Reproduction

The vulnerability can be reproduced by invoking the rt_mutex_start_proxy_lock() function from within a futex_requeue() operation. This scenario will cause the remove_waiter() function to incorrectly process the current task, leading to the described issues.
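The stale-pointer condition described above, shown as a simplified userspace model. This is an added example, not kernel code or the fix commit; the struct layouts, the pi_blocked_on and queued fields, and all function names here are assumptions made for the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified userspace model; all names are illustrative, not kernel code. */
struct waiter;
struct task   { struct waiter *pi_blocked_on; }; /* waiter the task blocks on */
struct waiter { struct task *task; int queued; };/* owner task, on-queue flag */

/* Enqueue w on behalf of t; in the proxy path t is not the calling task. */
static void enqueue_waiter(struct waiter *w, struct task *t)
{
    w->task = t;
    w->queued = 1;
    t->pi_blocked_on = w;
}

/* Flawed rollback: clears the caller's state instead of the waiter owner's. */
static void remove_waiter_flawed(struct task *current, struct waiter *w)
{
    w->queued = 0;
    current->pi_blocked_on = NULL;
}

/* Corrected rollback: operates on the task recorded in the waiter. */
static void remove_waiter_fixed(struct task *current, struct waiter *w)
{
    (void)current;
    w->queued = 0;
    w->task->pi_blocked_on = NULL;
}

/* Returns 1 if the proxied task still references the dequeued waiter. */
int stale_after_rollback(void (*rm)(struct task *, struct waiter *))
{
    struct task requeuer = { NULL };  /* plays the role of current */
    struct task sleeper  = { NULL };  /* task the lock is acquired for */
    struct waiter w = { NULL, 0 };

    enqueue_waiter(&w, &sleeper);
    rm(&requeuer, &w);                /* rollback invoked by the requeuer */
    return sleeper.pi_blocked_on == &w && !w.queued;
}

int model_flawed(void) { return stale_after_rollback(remove_waiter_flawed); }
int model_fixed(void)  { return stale_after_rollback(remove_waiter_fixed); }

int main(void)
{
    printf("flawed=%d fixed=%d\n", model_flawed(), model_fixed());
    return 0;
}
```

In the flawed variant the proxied task keeps a pointer to a waiter that is no longer queued, so the pointer dangles once the waiter's storage is released.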

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.

Added: May 21, 2026, 1:34 PM
Updated: May 21, 2026, 1:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 9.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.