{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: exit: prevent preemption of oopsing TASK_DEAD task",
    "id" : "2482634",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2482634"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1341",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nexit: prevent preemption of oopsing TASK_DEAD task\nWhen an already-exiting task oopses, make_task_dead() currently calls\ndo_task_dead() with preemption enabled.  That is forbidden:\ndo_task_dead() calls __schedule(), which has a comment saying \"WARNING:\nmust be called with preemption disabled!\".\nIf an oopsing task is preempted in do_task_dead(), between becoming\nTASK_DEAD and entering the scheduler explicitly, bad things happen:\nfinish_task_switch() assumes that once the scheduler has switched away\nfrom a TASK_DEAD task, the task can never run again and its stack is no\nlonger needed; but that assumption apparently doesn't hold if the dead\ntask was preempted (the SM_PREEMPT case).\nThis means that the scheduler ends up repeatedly dropping references on\nthe dead task's stack, which can lead to use-after-free or double-free\nof the entire task stack; in other words, two tasks can end up running\non the same stack, resulting in various kinds of memory corruption.\n(This does not just affect \"recursively oopsing\" tasks; it is enough to\noops once during task exit, for example in a file_operations::release\nhandler)", "A flaw was found in the Linux kernel. During the exit process of a task that has encountered an error, the system can incorrectly allow the task to be interrupted. This can lead to improper management of the task's memory, potentially causing memory corruption. Such an issue could allow a local attacker to cause a system crash (Denial of Service) or potentially gain elevated privileges." ],
  "statement" : "This Moderate flaw in the Linux kernel can lead to memory corruption, potentially allowing a local attacker to cause a system crash or escalate privileges. The vulnerability arises from incorrect preemption handling during the exit of an error-prone task, leading to improper stack management. This issue affects Red Hat Enterprise Linux 9 and 10, and Red Hat In-Vehicle OS 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-06-20T00:00:00Z",
    "advisory" : "RHSA-2026:27288",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.2",
    "package" : "kernel-0:6.12.0-211.26.1.el10_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27789",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-687.17.1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27789",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-687.17.1.el9_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27713",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.4",
    "package" : "kernel-0:5.14.0-427.134.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Under investigation",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-46173\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-46173\nhttps://lore.kernel.org/linux-cve-announce/2026052827-CVE-2026-46173-0214@gregkh/T" ],
  "name" : "CVE-2026-46173",
  "csaw" : false
}