AF_UNIX Garbage Collector Rework Addresses Memory Management Issues
Severity: Low (Score: 24.9)
Sources: lwn.net, projectzero.google, News.Ycombinator
Keywords: af_unix, file, socket, rework, unix, remastered, pass
Summary
The AF_UNIX garbage collector in the Linux kernel has undergone a significant rewrite to improve memory management for sockets. This change addresses issues where sockets could become unreachable from user-space yet remain alive in the kernel, leading to inefficiencies. The new implementation uses Tarjan's Strongly Connected Components algorithm to track inflight sockets and detect cyclic references. The previous garbage collector was prone to bugs and required locking mechanisms that complicated its operation. The rework aims to minimize locking and enhance performance, particularly when no cyclic references are present. The changes are detailed across multiple patches, focusing on optimizing inflight file descriptor counting and improving the overall garbage collection process. This update is crucial for maintaining kernel stability and efficiency, especially in environments with high socket usage.
Key Points:
- The AF_UNIX garbage collector has been rewritten to improve memory management efficiency.
- The new implementation uses Tarjan's algorithm to detect and collect cyclic references in socket handling.
- The changes aim to reduce locking mechanisms, enhancing performance in high socket usage scenarios.
Detailed Analysis
**Impact** The rework affects Linux kernel users relying on AF_UNIX sockets, particularly systems with heavy inter-process communication using SCM_RIGHTS file descriptor passing. Memory inefficiencies and potential Use-After-Free bugs in the previous garbage collector could lead to resource exhaustion or kernel instability. No specific sectors, geographies, or data breaches are reported, but embedded and mobile devices using Linux kernels with AF_UNIX sockets may be impacted.
**Technical Details** The update replaces the AF_UNIX garbage collector with a new implementation based on Tarjan’s Strongly Connected Components algorithm to detect and collect cyclic references of inflight AF_UNIX sockets. The previous GC was prone to bugs including Use-After-Free conditions and required locking each socket’s receive queue, causing performance issues. No CVEs or active exploitation are mentioned. The rework removes race condition workarounds and introduces a dedicated kernel thread for GC, improving reliability and efficiency.
**Recommended Response** Apply the latest kernel patches containing the AF_UNIX GC rework series as soon as possible to mitigate memory management issues and potential kernel crashes. Monitor kernel logs for GC-related errors or warnings indicating inflight socket cycles. No specific IOCs or detection signatures are provided; focus on updating to the revised GC implementation and verifying system stability post-deployment.
Source articles (3)
- Unix GC Remastered — News.Ycombinator · 2026-06-10
  The AF_UNIX garbage collector is an interesting piece of the kernel. It exists because sockets can be sent with SCM_RIGHTS but they can become unreachable from user-space while still being kept alive…
- LWN “AF_UNIX GC rework” — lwn.net · 2026-06-11
  When we pass a file descriptor to an AF_UNIX socket via SCM_RIGHTS, the underlying struct file of the inflight fd gets its refcount bumped. If the fd is of an AF_UNIX socket, we need to track it in ca…
- Google P0 post “The quantum state of Linux kernel garbage collection” — projectzero.google · 2026-06-11
  Guest Post by Xingyu Jin, Android Security Research This is part one of a two-part guest blog post, where first we'll look at the root cause of the CVE-2021-0920 vulnerability. In the second post, we'…
Timeline
- 2025-12-04 — CVE-2025-40214 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
- 2026-06-10 — AF_UNIX GC rework announced: The Linux kernel team announced a significant rewrite of the AF_UNIX garbage collector to improve memory management and efficiency.
- 2026-06-11 — LWN article on AF_UNIX GC rework published: LWN published an article detailing the changes and improvements made in the AF_UNIX garbage collector rework.
Related entities
- Zero-day Exploit (Attack Type)
- Samsung (Company)
- CWE-362 - Race Condition (CWE)
- CWE-416 - Use After Free (CWE)
- lwn.net (Domain)
- window.to (Domain)
- Android (Platform)
- Linux (Platform)
- Quantum Linux Kernel Garbage Collection (Vulnerability)