bpf, sockmap: Fix af_unix iter deadlock

Summary

CVECVE-2026-53035
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-06-24 17:17:14 UTC
Updated2026-06-24 17:17:14 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix af_unix iter deadlock bpf_iter_unix_seq_show() may deadlock when lock_sock_fast() takes the fast path and the iter prog attempts to update a sockmap. Which ends up spinning at sock_map_update_elem()'s bh_lock_sock(): WARNING: possible recursive locking detected test_progs/1393 is trying to acquire lock: ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: sock_map_update_elem+0xdb/0x1f0 but task is already holding lock: ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __lock_sock_fast+0x37/0xe0 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(slock-AF_UNIX); lock(slock-AF_UNIX); *** DEADLOCK *** May be due to missing lock nesting notation 4 locks held by test_progs/1393: #0: ffff88814b59c790 (&p->lock){+.+.}-{4:4}, at: bpf_seq_read+0x59/0x10d0 #1: ffff88811ec25fd8 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: bpf_seq_read+0x42c/0x10d0 #2: ffff88811ec25f58 (slock-AF_UNIX){+...}-{3:3}, at: __lock_sock_fast+0x37/0xe0 #3: ffffffff85a6a7c0 (rcu_read_lock){....}-{1:3}, at: bpf_iter_run_prog+0x51d/0xb00 Call Trace: dump_stack_lvl+0x5d/0x80 print_deadlock_bug.cold+0xc0/0xce __lock_acquire+0x130f/0x2590 lock_acquire+0x14e/0x2b0 _raw_spin_lock+0x30/0x40 sock_map_update_elem+0xdb/0x1f0 bpf_prog_2d0075e5d9b721cd_dump_unix+0x55/0x4f4 bpf_iter_run_prog+0x5b9/0xb00 bpf_iter_unix_seq_show+0x1f7/0x2e0 bpf_seq_read+0x42c/0x10d0 vfs_read+0x171/0xb20 ksys_read+0xff/0x200 do_syscall_64+0x6b/0x3a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Risk And Classification

EPSS: 0.001720000 probability, percentile 0.068940000 (date 2026-06-29)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 2c860a43dd77f969bb959336a2f743d7103a8f63 bd3592129f24243713673a07225cf1f15a9bb835 git Not specified
CNA Linux Linux affected 2c860a43dd77f969bb959336a2f743d7103a8f63 3cef33b9813b78f227942572fb317afcd5c9ac94 git Not specified
CNA Linux Linux affected 2c860a43dd77f969bb959336a2f743d7103a8f63 87828b380956d4986f59f2c086e0b09b3e6cdaae git Not specified
CNA Linux Linux affected 2c860a43dd77f969bb959336a2f743d7103a8f63 527057ebe8076dfbcaef51195ff1b7508646be2c git Not specified
CNA Linux Linux affected 2c860a43dd77f969bb959336a2f743d7103a8f63 66d9fab4565eafe1afe7ba0581f79b76073b60fa git Not specified
CNA Linux Linux affected 2c860a43dd77f969bb959336a2f743d7103a8f63 4d328dd695383224aa750ddee6b4ad40c0f8d205 git Not specified
CNA Linux Linux affected 5.15 Not specified
CNA Linux Linux unaffected 5.15 semver Not specified
CNA Linux Linux unaffected 6.1.175 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.141 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.91 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.33 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.10 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/bd3592129f24243713673a07225cf1f15a9bb835 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/3cef33b9813b78f227942572fb317afcd5c9ac94 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/87828b380956d4986f59f2c086e0b09b3e6cdaae 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/66d9fab4565eafe1afe7ba0581f79b76073b60fa 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/4d328dd695383224aa750ddee6b4ad40c0f8d205 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/527057ebe8076dfbcaef51195ff1b7508646be2c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report