CVE-2026-53361 is a vulnerability in Linux Kernel
Published on July 4, 2026
af_unix: Set gc_in_progress to true in unix_gc().
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Set gc_in_progress to true in unix_gc().
Igor Ushakov reported that unix_gc() could run with gc_in_progress
being false if the work is scheduled while running:
Thread 1 Thread 2 Thread 3
-------- -------- --------
unix_schedule_gc() unix_schedule_gc()
`- if (!gc_in_progress) `- if (!gc_in_progress)
|- gc_in_progress = true |
`- queue_work() |
unix_gc() <----------------/ |
| |- gc_in_progress = true
... `- queue_work()
| |
`- gc_in_progress = false |
|
unix_gc() <---------------------------------------------'
|
... /* gc_in_progress == false */
|
`- gc_in_progress = false
unix_peek_fpl() relies on gc_in_progress not to confuse GC
by MSG_PEEK.
Let's set gc_in_progress to true in unix_gc().
Products Associated with CVE-2026-53361
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 328840c93bd6a4871dd10908d01b41eab83eb8e2 and below 82c17e13d404f686e164590483fd6c1abaa675d0 is affected.
- Version 8b90a9f819dc2a06baae4ec1a64d875e53b824ec and below 591f1ac217428a6d2b32a8ac14aac0fab44f155a is affected.
- Version 8b90a9f819dc2a06baae4ec1a64d875e53b824ec and below 0cfa78c050662784fc8e3ab26dbfd1dc632b2082 is affected.
- Version 8b90a9f819dc2a06baae4ec1a64d875e53b824ec and below d82ba05263c69fa2437fe93e4e561cc40f4c03af is affected.
- Version ceb8bd6c69c1680fd9b45e7f16d7170c9c7513a5 is affected.
- Version 6.6.93 and below 6.6.144 is affected.
- Version 6.1.141 and below 6.2 is affected.
- Version 6.9 is affected.
- Before 6.9 is unaffected.
- Version 6.6.144, <= 6.6.* is unaffected.
- Version 6.12.95, <= 6.12.* is unaffected.
- Version 6.18.38, <= 6.18.* is unaffected.
- Version 7.1, <= * is unaffected.