CVE-2026-23419
Received Received - Intake
Circular Locking Dependency in Linux Kernel RDS TCP Component

Publication date: 2026-04-03

Last updated on: 2026-04-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock: ====================================================== WARNING: possible circular locking dependency detected ====================================================== kworker/u10:8/15040 is trying to acquire lock: ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x6f0 but task is already holding lock: ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_tune+0xd7/0x930 The issue occurs because sk_net_refcnt_upgrade() performs memory allocation (via get_net_track() -> ref_tracker_alloc()) while the socket lock is held, creating a circular dependency with fs_reclaim. Fix this by moving sk_net_refcnt_upgrade() outside the socket lock critical section. This is safe because the fields modified by the sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not accessed by any concurrent code path at this point. v2: - Corrected fixes tag - check patch line wrap nits - ai commentary nits
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23419
EUVD
EUVD-2026-18636
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.18
linux linux_kernel From 6.19 (inc) to 6.19.7 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.17 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.77 (exc)
linux linux_kernel From 5.17.7 (inc) to 5.18 (exc)
linux linux_kernel From 5.18.1 (inc) to 6.6.130 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a circular locking dependency in the Linux kernel's RDS (Reliable Datagram Sockets) TCP tuning code, specifically in the function rds_tcp_tune().

The problem occurs because the function sk_net_refcnt_upgrade() is called while holding the socket lock, and this function performs memory allocation that can trigger another lock (fs_reclaim). This creates a circular dependency between the socket lock and the fs_reclaim lock, which can lead to deadlocks.

The fix involved moving the call to sk_net_refcnt_upgrade() outside of the socket lock critical section, ensuring that the fields it modifies are not accessed concurrently, thus breaking the circular locking dependency.

Impact Analysis

This vulnerability can cause deadlocks in the Linux kernel when the circular locking dependency is triggered. Deadlocks can lead to system hangs or degraded performance, affecting the stability and reliability of systems running the vulnerable kernel.

Mitigation Strategies

The vulnerability is fixed by moving the sk_net_refcnt_upgrade() call outside the socket lock critical section in the Linux kernel code, specifically in the net/rds subsystem.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Detection Guidance

This vulnerability involves a circular locking dependency detected in the Linux kernel's rds_tcp_tune function, which can be identified by kernel warnings about circular locking dependencies.

To detect this issue on your system, you should monitor your kernel logs for warnings similar to the following message:

  • WARNING: possible circular locking dependency detected
  • Details about tasks trying to acquire locks while already holding others, specifically involving rds_tcp_tune and socket locks.

You can check your kernel logs using commands such as:

  • dmesg | grep -i 'circular locking dependency'
  • journalctl -k | grep -i 'circular locking dependency'

These commands will help you identify if the kernel has logged any circular locking dependency warnings related to this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23419. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart