CVE-2026-23311
Received - Intake
Invalid Wait Context Bug in Linux Kernel perf/core Scheduling

Publication date: 2026-03-25

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix invalid wait context in ctx_sched_in()

Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below.

It seems it should not grab a wait-queue lock under perf-context lock. Let's do it with irq_work.

  [ 39.913691] =============================
  [ 39.914157] [ BUG: Invalid wait context ]
  [ 39.914623] 6.15.0-next-20250530-next-2025053 #1 Not tainted
  [ 39.915271] -----------------------------
  [ 39.915731] repro/837 is trying to lock:
  [ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60
  [ 39.917182] other info that might help us debug this:
  [ 39.917761] context-{5:5}
  [ 39.918079] 4 locks held by repro/837:
  [ 39.918530] #0: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: __perf_event_task_sched_in+0xd1/0xbc0
  [ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0
  [ 39.920748] #2: ffff88800d91fc18 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1f9/0xbc0
  [ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470
Meta Information
Published: 2026-03-25
Last Modified: 2026-03-25
Generated: 2026-05-07
AI Q&A: 2026-03-25
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel 6.15.0-next-20250530-next-2025053
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's perf subsystem, specifically in the event scheduling code within the function ctx_sched_in().

The issue involves an invalid wait context caused by locking a wait-queue lock while already holding the perf-context lock, which is not allowed. This leads to a bug detected by Lockdep, a kernel locking correctness validator.

The problem occurs when a pinned event fails and wakes up threads in the ring buffer, causing improper locking sequences that can lead to kernel warnings or instability.

The fix defers the wakeup to irq_work, so the wait-queue lock is no longer taken while the perf-context lock is held.


How can this vulnerability impact me?

This vulnerability can cause kernel instability or crashes due to improper locking in the perf event scheduling code.

Such instability may lead to system hangs, degraded performance, or unexpected behavior in applications relying on the Linux kernel's performance monitoring features.

While no direct data breach or privilege escalation is described, system reliability and availability could be negatively affected.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as an invalid wait context bug detected by Lockdep in the Linux kernel's perf/core subsystem. It can be identified by examining kernel logs for specific error messages related to invalid wait contexts during event scheduling.

  • Check kernel logs (e.g., using dmesg) for messages containing 'BUG: Invalid wait context' and references to perf_event functions such as __perf_event_task_sched_in or perf_event_wakeup.
  • Use the command: dmesg | grep 'BUG: Invalid wait context'
  • Look for stack traces in the logs that mention locks held by processes related to perf events.
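
The grep above matches every lockdep "Invalid wait context" report, whichever subsystem triggered it. The shell function below is an added example, not part of the advisory or the kernel source; it groups each report and flags those that name __perf_event_task_sched_in or perf_event_wakeup. The function names and the second sample report are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory or the kernel tree.
# Reads kernel log text on stdin; prints one line per lockdep "Invalid wait
# context" report and marks those naming the perf functions in this advisory.
# Exit status: 0 if a perf-related report was seen, otherwise 1.
find_perf_waitctx_splats() {
    awk '
    function flush() {
        if (inrep) printf "%s task=%s lock=%s perf=%s\n", ts, task, lock, (perf ? "yes" : "no")
        inrep = 0
    }
    /==========/ { flush(); next }            # banner of the next report ends this one
    /BUG: Invalid wait context/ {
        flush(); inrep = 1; n = 0; perf = 0; ts = "?"; task = "?"; lock = "?"
        if (match($0, /[0-9]+\.[0-9]+/)) ts = substr($0, RSTART, RLENGTH)
        next
    }
    !inrep { next }
    (++n > 80) { flush(); next }              # bound the window if no banner follows
    match($0, /[^ ]+ is trying to lock:/) {
        task = substr($0, RSTART, RLENGTH); sub(/ is trying.*/, "", task)
    }
    lock == "?" && match($0, /\(&[^)]*\)/) { lock = substr($0, RSTART + 2, RLENGTH - 3) }
    /__perf_event_task_sched_in|perf_event_wakeup/ { perf = 1; found = 1 }
    END { flush(); exit (found ? 0 : 1) }
    '
}

# Sample input: the first report is abridged from the advisory text; the second
# is constructed (demo/900, demo->lock and demo_fn are made-up names).
sample_log() {
    cat <<'EOF'
[ 39.913691] =============================
[ 39.914157] [ BUG: Invalid wait context ]
[ 39.915731] repro/837 is trying to lock:
[ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60
[ 39.918079] 4 locks held by repro/837:
[ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0
[ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470
[ 88.100000] =============================
[ 88.100100] [ BUG: Invalid wait context ]
[ 88.100200] demo/900 is trying to lock:
[ 88.100300] ffff888000000000 (&demo->lock){....}-{3:3}, at: demo_fn+0x10/0x20
EOF
}

sample_log | find_perf_waitctx_splats
```

On a live system, run it as `dmesg | find_perf_waitctx_splats`. Lockdep reports are only emitted by kernels built with lock debugging (CONFIG_PROVE_LOCKING), so an empty result does not show that a kernel carries the fix.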

What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved in the Linux kernel by fixing the invalid wait context in the perf/core subsystem. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

  • Upgrade your Linux kernel to a version released after 2026-03-25 that contains the patch for the invalid wait context in ctx_sched_in.
  • If upgrading immediately is not possible, consider disabling or limiting the use of perf events or related profiling tools until the patch can be applied.
