CVE-2026-43115
Awaiting Analysis Awaiting Analysis - Queue
Linux Kernel Tiny SRCU Lock Dependency Fix

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called with a scheduler lock held, due to: call_srcu() [holding pi_lock] srcu_gp_start_if_needed() schedule_work() -> pool->lock workqueue_init() / create_worker() [holding pool->lock] wake_up_process() -> try_to_wake_up() -> pi_lock Also add irq_work_sync() to cleanup_srcu_struct() to prevent a use-after-free if a queued irq_work fires after cleanup begins. Tested with rcutorture SRCU-T and no lockdep warnings. [ Thanks to Boqun for similar fix in patch "rcu: Use an intermediate irq_work to start process_srcu()" ]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43115
EUVD
EUVD-2026-27639
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 4.12 (inc) to 6.19.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's tiny SRCU (Sleepable Read-Copy Update) implementation. The function srcu_gp_start_if_needed() directly calls schedule_work(), which acquires a lock on the workqueue pool. This leads to a lock dependency cycle (lockdep splat) when call_srcu() is called while holding a scheduler lock, causing potential deadlocks or kernel warnings.

Additionally, there was a risk of a use-after-free condition if a queued irq_work fired after cleanup_srcu_struct() began. The fix involved using irq_work to start the grace period and adding irq_work_sync() to cleanup_srcu_struct() to prevent this use-after-free.

Impact Analysis

This vulnerability can cause kernel lock dependency issues, potentially leading to deadlocks or kernel warnings that affect system stability. The use-after-free risk could lead to undefined behavior or kernel crashes if irq_work fires after cleanup has started.

Overall, it impacts the reliability and stability of the Linux kernel, which could affect any system running a vulnerable kernel version.

Detection Guidance

This vulnerability relates to a lockdep splat caused by the interaction of srcu_gp_start_if_needed() and schedule_work() when called with a scheduler lock held in the Linux kernel.

Detection would involve monitoring for lockdep warnings related to SRCU (Sleepable Read-Copy Update) and scheduler locks in the kernel logs.

You can check for lockdep warnings by examining the kernel log using commands such as:

  • dmesg | grep -i lockdep
  • journalctl -k | grep -i lockdep

Additionally, running kernel debugging tools like rcutorture SRCU-T tests can help identify this issue as it was tested with these tools.

Mitigation Strategies

The vulnerability has been resolved by modifying srcu_gp_start_if_needed() to use irq_work to start GP in tiny SRCU, preventing the lockdep splat.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • Ensure that irq_work_sync() is added to cleanup_srcu_struct() to prevent use-after-free conditions.
  • Avoid running workloads or kernel modules that trigger call_srcu() with scheduler locks held until the fix is applied.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43115. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart