CVE intelligence and bounded remediation
CVE-2026-23199 — Linux Linux Kernel security vulnerability
In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAP_QUERY to fetch optional build ID only after dropping mmap_lock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot: -> #1 (&mm->mmap_lock){++++}-{4:4}: __might_fault+0xed/0x170 _copy_to_iter+0x118/0x1720 copy_page_to_iter+0x12d/0x1e0 filemap_read+0x720/0x10a0 blkdev_read_iter+0x2b5/0x4e0 vfs_read+0x7f4/0xae0 ksys_read+0x12a/0x250 do_syscall_64+0xcb/0xf80 entry_SYSCALL_64_after_hwframe+0x77/0x7f -> #0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}: __lock_acquire+0x1509/0x26d0 lock_acquire+0x185/0x340 down_read+0x98/0x490 blkdev_read_iter+0x2a7/0x4e0 __kernel_read+0x39a/0xa90 freader_fetch+0x1d5/0xa80 __build_id_parse.isra.0+0xea/0x6a0 do_procmap_query+0xd75/0x1050 procfs_procmap_ioctl+0x7a/0xb0 __x64_sys_ioctl+0x18e/0x210 do_syscall_64+0xcb/0xf80 entry_SYSCALL_64_after_hwframe+0x77/0x7f other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- rlock(&mm->mmap_lock); lock(&sb->s_type->i_mutex_key#8); lock(&mm->mmap_lock); rlock(&sb->s_type->i_mutex_key#8); *** DEADLOCK…
- Severity
- Medium
- CVSS
- 5.5 (3.1)
- Published
- 2026-02-14
- CISA KEV
- Not currently listed
- Ecosystem
- linux/kernel
- Weaknesses
- CWE-667
Affected products
- linux / linux_kernel
- linux / linux_kernel / 6.19
Matched remediation archetype
Race condition, TOCTOU, and lifecycle synchronization
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Map concurrent actors, shared state, lock boundaries, signals, callbacks, retries, and check-then-use sequences in the affected path.
- Determine whether untrusted users can influence timing, object names, filesystem state, or repeated state transitions.
- Identify clustered and multi-process behavior that repository-local tests may not represent.
Remediate safely
- Make the sensitive state transition atomic or protect it with a consistently ordered synchronization primitive.
- Perform authorization and invariant checks on the same authoritative object and transaction used for the operation.
- Use unique private resources, safe ownership transfer, and idempotent operations; add deterministic concurrency regression tests.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.