
CVE-2026-52977: futex may lock up on signal/timeout wakeup

EPSS 0.17% · P7

I. Basic Information for CVE-2026-52977

Vulnerability Information


Vulnerability Title
futex: Prevent lockup in requeue-PI during signal/ timeout wakeup
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

futex: Prevent lockup in requeue-PI during signal/ timeout wakeup

During wait-requeue-pi (task A) and requeue-PI (task B) the following race can happen:

    Task A                                  Task B
    futex_wait_requeue_pi()
      futex_setup_timer()
      futex_do_wait()
                                            futex_requeue()
                                              CLASS(hb, hb1)(&key1);
                                              CLASS(hb, hb2)(&key2);
      *timeout*
      futex_requeue_pi_wakeup_sync()
        requeue_state = Q_REQUEUE_PI_IGNORE
      *blocks on hb->lock*
                                              futex_proxy_trylock_atomic()
                                                futex_requeue_pi_prepare()
                                                  Q_REQUEUE_PI_IGNORE => -EAGAIN
                                              double_unlock_hb(hb1, hb2)
                                              *retry*

Task B acquires both hb locks and attempts to acquire the PI-lock of the top most waiter (task B). Task A is leaving early due to a signal/ timeout and started removing itself from the queue. It updates its requeue_state but can not remove it from the list because this requires the hb lock which is owned by task B.

Usually task A is able to swoop the lock after task B unlocked it. However if task B is of higher priority then task A may not be able to wake up in time and acquire the lock before task B gets it again. Especially on a UP system where A is never scheduled. As a result task A blocks on the lock and task B busy loops, trying to make progress but live locks the system instead. Tragic.

This can be fixed by removing the top most waiter from the list in this case. This allows task B to grab the next top waiter (if any) in the next iteration and make progress.

Remove the top most waiter if futex_requeue_pi_prepare() fails. Let the waiter conditionally remove itself from the list in handle_early_requeue_pi_wakeup().
Source: U.S. National Vulnerability Database (NVD)
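
The retry loop in the description can be modeled in userspace. The following C program is an added example, not code from the kernel or from the fix: it models task B's retry loop on a uniprocessor where task A never runs, with and without dropping the top waiter on -EAGAIN. struct waiter, requeue_model(), run_scenario(), MAX_RETRIES and the two-state enum are assumptions of this model.

```c
/* Simplified userspace model of task B's retry loop; not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

enum { Q_REQUEUE_PI_NONE, Q_REQUEUE_PI_IGNORE };  /* subset of the states */
struct waiter { int requeue_state; bool queued; };
#define MAX_RETRIES 1000  /* model-only bound so the livelock case returns */

/* Stand-in for futex_requeue_pi_prepare(): a waiter that already left
 * because of a signal/timeout cannot be requeued. */
static int prepare(const struct waiter *w)
{
    return w->requeue_state == Q_REQUEUE_PI_IGNORE ? -EAGAIN : 0;
}

/* Task B's loop. Task A never runs in between (UP, B has higher priority),
 * so only B can change the list. Returns the number of waiters requeued,
 * or -1 when the retry bound is hit (livelock). */
static int requeue_model(struct waiter *q, int n, bool fixed)
{
    int requeued = 0, retries = 0;
    for (int top = 0; top < n; ) {
        if (!q[top].queued) { top++; continue; }  /* find the top waiter */
        if (prepare(&q[top]) == -EAGAIN) {
            if (fixed)
                q[top].queued = false;  /* fix: drop it from the list */
            if (++retries > MAX_RETRIES)
                return -1;              /* same top waiter seen every time */
            continue;                   /* unlock both hb locks and retry */
        }
        q[top].queued = false;          /* requeued to the second futex */
        requeued++;
    }
    return requeued;
}

/* Constructed scenario: the top waiter timed out, two others still wait. */
static int run_scenario(bool fixed)
{
    struct waiter q[3] = { { Q_REQUEUE_PI_IGNORE, true },
                           { Q_REQUEUE_PI_NONE, true }, { Q_REQUEUE_PI_NONE, true } };
    return requeue_model(q, 3, fixed);
}

int main(void)
{
    printf("unfixed: %d, fixed: %d\n", run_scenario(false), run_scenario(true));
    return 0;
}
```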
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
N/A
Source: U.S. National Vulnerability Database (NVD)

Affected Products

Vendor | Product | Affected Versions | CPE
Linux | Linux | 07d91ef510fb16a2e0ca7453222105835b7ba3b8 ~ 4e0ed44e51727d56244a822ab941efe507c47966 | -
Linux | Linux | 5.15 | -

II. Public POCs for CVE-2026-52977


No public POC found.


III. Intelligence Information for CVE-2026-52977


CVE-2026-52977 Patches and Fixes (5)

CVE-2026-52977 Other References (1)

Security advisories from the same batch · Linux · 2026-06-24 · 219 total

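CVE-2026-53046 · 9.8 CRITICAL · ksmbd Qualcomm crypto engine asynchronous encryption UAF vulnerability
CVE-2026-53088 · 9.8 CRITICAL · Bcmgenet driver bcmgenet_put_txcb offset error vulnerability
CVE-2026-53010 · 9.8 CRITICAL · ksmbd kernel module use-after-free vulnerability during SMB2 open session durable reconnect
CVE-2026-53006 · 9.8 CRITICAL · Possible UAF vulnerability in IPv6 icmpv6_rcv()
CVE-2026-53086 · 9.8 CRITICAL · Net: BCMGenet fix for racing timeout handling vulnerability
CVE-2026-53002 · 9.8 CRITICAL · netfilter conntrack: remove sprintf usage
CVE-2026-52993 · 9.8 CRITICAL · TIPC tipc_buf_append() double-free vulnerability
CVE-2026-52989 · 9.8 CRITICAL · nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() error to caller
CVE-2026-52986 · 9.8 CRITICAL · netfilter nf_conntrack_sip vulnerability
CVE-2026-52982 · 9.8 CRITICAL · Realtek RTL8150 network adapter use-after-free vulnerability
CVE-2026-53045 · 9.8 CRITICAL · Tegra124 EMC dll_change check vulnerability
CVE-2026-52955 · 9.8 CRITICAL · libceph crush_decode() potential out-of-bounds access vulnerability
CVE-2026-53049 · 9.8 CRITICAL · GFS2 file system missing log locking vulnerability
CVE-2026-52914 · 9.8 CRITICAL · batman-adv fragment reassembly length calculation vulnerability
CVE-2026-52931 · 9.8 CRITICAL · batman-adv tp_meter uninitialized variable use vulnerability
CVE-2026-52924 · 9.8 CRITICAL · sctp: stale COOKIE-ECHO handling causes outqueue purge
CVE-2026-53055 · 9.8 CRITICAL · Hisilicon SEC2 use-after-free vulnerability
CVE-2026-53043 · 9.1 CRITICAL · OCFS2 DLM queue region count validation flaw
CVE-2026-52999 · 9.1 CRITICAL · Netfilter: nfnetlink_osf option matching out-of-bounds read vulnerability
CVE-2026-52958 · 9.1 CRITICAL · libceph osdmap_decode() out-of-bounds access vulnerability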

Showing the first 20 of 219.

IV. Related Vulnerabilities

V. Comments for CVE-2026-52977

No comments yet.

