CVE-2026-23311
Analyzed Analyzed - Analysis Complete
Invalid Wait Context Bug in Linux Kernel perf/core Scheduling

Publication date: 2026-03-25

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctx_sched_in() Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock under perf-context lock. Let's do it with irq_work. [ 39.913691] ============================= [ 39.914157] [ BUG: Invalid wait context ] [ 39.914623] 6.15.0-next-20250530-next-2025053 #1 Not tainted [ 39.915271] ----------------------------- [ 39.915731] repro/837 is trying to lock: [ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60 [ 39.917182] other info that might help us debug this: [ 39.917761] context-{5:5} [ 39.918079] 4 locks held by repro/837: [ 39.918530] #0: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: __perf_event_task_sched_in+0xd1/0xbc0 [ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0 [ 39.920748] #2: ffff88800d91fc18 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1f9/0xbc0 [ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-05-26
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23311
EUVD
EUVD-2026-15253
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel From 6.15 (inc) to 6.18.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's perf subsystem, specifically in the event scheduling code within the function ctx_sched_in().

The issue involves an invalid wait context caused by locking a wait-queue lock while already holding the perf-context lock, which is not allowed. This leads to a bug detected by Lockdep, a kernel locking correctness validator.

The problem occurs when a pinned event fails and wakes up threads in the ring buffer, causing improper locking sequences that can lead to kernel warnings or instability.

The fix involves changing the locking mechanism to use irq_work instead of grabbing the wait-queue lock under the perf-context lock.

Impact Analysis

This vulnerability can cause kernel instability or crashes due to improper locking in the perf event scheduling code.

Such instability may lead to system hangs, degraded performance, or unexpected behavior in applications relying on the Linux kernel's performance monitoring features.

While no direct data breach or privilege escalation is described, system reliability and availability could be negatively affected.

Detection Guidance

This vulnerability manifests as an invalid wait context bug detected by Lockdep in the Linux kernel's perf/core subsystem. It can be identified by examining kernel logs for specific error messages related to invalid wait contexts during event scheduling.

  • Check kernel logs (e.g., using dmesg) for messages containing 'BUG: Invalid wait context' and references to perf_event functions such as __perf_event_task_sched_in or perf_event_wakeup.
  • Use the command: dmesg | grep 'BUG: Invalid wait context'
  • Look for stack traces in the logs that mention locks held by processes related to perf events.
Mitigation Strategies

The vulnerability has been resolved in the Linux kernel by fixing the invalid wait context in the perf/core subsystem. Immediate mitigation involves updating the Linux kernel to a version that includes this fix.

  • Upgrade your Linux kernel to a version released after 2026-03-25 that contains the patch for the invalid wait context in ctx_sched_in.
  • If upgrading immediately is not possible, consider disabling or limiting the use of perf events or related profiling tools until the patch can be applied.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23311. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart