CVE-2026-52936

Source
https://cve.org/CVERecord?id=CVE-2026-52936
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52936.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52936
Downstream
Published
2026-06-24T07:14:26.649Z
Modified
2026-07-10T03:54:04.653070603Z
Summary
crypto: jitterentropy - replace long-held spinlock with mutex
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: jitterentropy - replace long-held spinlock with mutex

jentkcapirandom() serializes the shared jitterentropy state, but it currently holds a spinlock across the jentreadentropy() call. That path performs expensive jitter collection and SHA3 conditioning, so parallel readers can trigger stalls as contending waiters spin for the same lock.

To prevent non-preemptible lock hold, replace rng->jent_lock with a mutex so contended readers sleep instead of spinning on a shared lock held across expensive entropy generation.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52936.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
bb5530e4082446aac3a3d69780cd4dbfa4520013
Fixed
18216b8ab6904753eaf31baf453cb02ecd202ba4
Fixed
4c03e6eb98443dc4d6d422a9780034a5b75376b4
Fixed
ff734dbd9e2432601a6dcd167cfb0bf8a36d1880
Fixed
ec427dc5286da1ed08f2d510e2147a7581b0cb02
Fixed
01d798e9feb30212952d4e992801ba6bd6a82351

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52936.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52936.json"