CVE-2026-23134

On PREEMPTRT kernels, locallock becomes a sleeping lock. The current check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ context, but misses the case where preemption is disabled.

When a BPF program runs from a tracepoint with preemption disabled (preemptcount > 0), kmallocnolock() proceeds to call locallockirqsave() which attempts to acquire a sleeping lock, triggering:

BUG: sleeping function called from invalid context inatomic(): 1, irqsdisabled(): 0, nonblock: 0, pid: 6128 preemptcount: 2, expected: 0

Fix this by checking !preemptible() on PREEMPT_RT, which directly expresses the constraint that we cannot take a sleeping lock when preemption is disabled. This encompasses the previous checks for NMI and hard IRQ contexts while also catching cases where preemption is disabled.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23134.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

af92793e52c3a99b828ed4bdd277fd3e11c18d08

Fixed

f60ba4a97ae3f94e4818722ed2e4d260bbb17b44

Fixed

99a3e3a1cfc93b8fe318c0a3a5cfb01f1d4ad53c

Affected versions

v6.*

v6.17

v6.17-rc4

v6.17-rc5

v6.17-rc6

v6.17-rc7

v6.18

v6.18-rc1

v6.18-rc2

v6.18-rc3

v6.18-rc4

v6.18-rc5

v6.18-rc6

v6.18-rc7

v6.18.1

v6.18.2

v6.18.3

v6.18.4

v6.18.5

v6.18.6

v6.18.7

v6.19-rc1

v6.19-rc2

v6.19-rc3

v6.19-rc4

v6.19-rc5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23134.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.18.0

Fixed

6.18.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23134.json"