CVE-2026-43115
Awaiting Analysis Awaiting Analysis - Queue

Linux Kernel Tiny SRCU Lock Dependency Fix

Vulnerability report for CVE-2026-43115, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-06

Last updated on: 2026-05-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called with a scheduler lock held, due to: call_srcu() [holding pi_lock] srcu_gp_start_if_needed() schedule_work() -> pool->lock workqueue_init() / create_worker() [holding pool->lock] wake_up_process() -> try_to_wake_up() -> pi_lock Also add irq_work_sync() to cleanup_srcu_struct() to prevent a use-after-free if a queued irq_work fires after cleanup begins. Tested with rcutorture SRCU-T and no lockdep warnings. [ Thanks to Boqun for similar fix in patch "rcu: Use an intermediate irq_work to start process_srcu()" ]

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-06
Last Modified
2026-05-08
Generated
2026-07-06
AI Q&A
2026-05-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 4.12 (inc) to 6.19.14 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's tiny SRCU (Sleepable Read-Copy Update) implementation. The function srcu_gp_start_if_needed() directly calls schedule_work(), which acquires a lock on the workqueue pool. This leads to a lock dependency cycle (lockdep splat) when call_srcu() is called while holding a scheduler lock, causing potential deadlocks or kernel warnings.

Additionally, there was a risk of a use-after-free condition if a queued irq_work fired after cleanup_srcu_struct() began. The fix involved using irq_work to start the grace period and adding irq_work_sync() to cleanup_srcu_struct() to prevent this use-after-free.

Impact Analysis

This vulnerability can cause kernel lock dependency issues, potentially leading to deadlocks or kernel warnings that affect system stability. The use-after-free risk could lead to undefined behavior or kernel crashes if irq_work fires after cleanup has started.

Overall, it impacts the reliability and stability of the Linux kernel, which could affect any system running a vulnerable kernel version.

Detection Guidance

This vulnerability relates to a lockdep splat caused by the interaction of srcu_gp_start_if_needed() and schedule_work() when called with a scheduler lock held in the Linux kernel.

Detection would involve monitoring for lockdep warnings related to SRCU (Sleepable Read-Copy Update) and scheduler locks in the kernel logs.

You can check for lockdep warnings by examining the kernel log using commands such as:

  • dmesg | grep -i lockdep
  • journalctl -k | grep -i lockdep

Additionally, running kernel debugging tools like rcutorture SRCU-T tests can help identify this issue as it was tested with these tools.

Mitigation Strategies

The vulnerability has been resolved by modifying srcu_gp_start_if_needed() to use irq_work to start GP in tiny SRCU, preventing the lockdep splat.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • Ensure that irq_work_sync() is added to cleanup_srcu_struct() to prevent use-after-free conditions.
  • Avoid running workloads or kernel modules that trigger call_srcu() with scheduler locks held until the fix is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43115. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart