In the Linux kernel, the following vulnerability has been resolved: exec: fix the racy usage of fsstruct->inexec checkunsafeexec() sets fs->inexec under credguardmutex, then execve() paths clear fs->inexec lockless. This is fine if exec succeeds, but if it fails we have the following race: T1 sets fs->inexec = 1, fails, drops credguardmutex T2 sets fs->inexec = 1 T1 clears fs->inexec T2 continues with fs->inexec == 0 Change fs/exec.c to clear fs->inexec with credguard_mutex held.