In the Linux kernel, the following vulnerability has been resolved:
futex: Drop CLONE_THREAD requirement for private default hash alloc
Currently needfutexhashallocatedefault() depends on strict pthread semantics, abusing CLONETHREAD. This breaks the non-concurrency assumptions when doing the mm->futexref pcpu allocations, leading to bugs[0] when sharing the mm in other ways; ie:
BUG: KASAN: slab-use-after-free in futex_hash_put
... where the +1 bias can end up on a percpu counter that mm->futex_ref no longer points at.
Loosen the check to cover any CLONEVM clone, except vfork(). Excluding vfork keeps the existing paths untouched (no overhead), and we can't race in the first place: either the parent is suspended and the child runs alone, or mm->futexref is already allocated from an earlier CLONE_VM.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52973.json",
"cna_assigner": "Linux"
}