CVE-2026-23134
Sleeping Lock Context Check Bypass in Linux Kernel PREEMPT_RT
Publication date: 2026-02-14
Last updated on: 2026-03-17
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | 6.19 |
| linux | linux_kernel | From 6.18 (inc) to 6.18.8 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's slab allocator, specifically in the kmalloc_nolock() function when running on PREEMPT_RT kernels. The issue is that kmalloc_nolock() checks if it is running in non-maskable interrupt (NMI) or hard IRQ context but fails to check if preemption is disabled. On PREEMPT_RT kernels, local_lock becomes a sleeping lock, which cannot be acquired when preemption is disabled.
When a BPF program runs from a tracepoint with preemption disabled (preempt_count > 0), kmalloc_nolock() calls local_lock_irqsave(), which tries to acquire a sleeping lock. This leads to a kernel bug where a sleeping function is called from an invalid context, causing a BUG message and potential kernel instability.
The fix involves adding a check for !preemptible() on PREEMPT_RT kernels to ensure that sleeping locks are not taken when preemption is disabled, covering all relevant contexts including NMI, hard IRQ, and disabled preemption.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to trigger a BUG due to a sleeping function being called from an invalid context. This can lead to kernel instability, crashes, or unexpected behavior when running BPF programs on PREEMPT_RT kernels with preemption disabled.
Such instability can affect system reliability and availability, potentially causing downtime or data loss depending on the environment where the kernel is deployed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as a BUG triggered by calling a sleeping function from an invalid context in the Linux kernel when running on PREEMPT_RT kernels.
Specifically, the kernel log may show messages similar to:
- BUG: sleeping function called from invalid context
- in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: <process_id>
- preempt_count: > 0, expected: 0
To detect this issue, monitor your system logs (e.g., using dmesg or journalctl) for these BUG messages.
Example commands to check kernel logs for this issue include:
- dmesg | grep 'BUG: sleeping function called from invalid context'
- journalctl -k | grep 'BUG: sleeping function called from invalid context'
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by updating the Linux kernel to a version where the kmalloc_nolock() context check properly accounts for PREEMPT_RT context by checking !preemptible().
Immediate mitigation steps include:
- Update your Linux kernel to the latest version that includes the fix for this issue.
- Avoid running BPF programs from tracepoints with preemption disabled until the fix is applied.
- Monitor kernel logs for BUG messages indicating this issue to detect if the vulnerability is being triggered.