CVE-2026-43147
Awaiting Analysis Awaiting Analysis - Queue
Deadlock in Linux Kernel PCI/IOV Subsystem

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" This reverts commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV"), which causes a deadlock by recursively taking pci_rescan_remove_lock when sriov_del_vfs() is called as part of pci_stop_and_remove_bus_device(). For example with the following sequence of commands: $ echo <NUM> > /sys/bus/pci/devices/<pf>/sriov_numvfs $ echo 1 > /sys/bus/pci/devices/<pf>/remove A trimmed trace of the deadlock on a mlx5 device is as below: zsh/5715 is trying to acquire lock: 000002597926ef50 (pci_rescan_remove_lock){+.+.}-{3:3}, at: sriov_disable+0x34/0x140 but task is already holding lock: 000002597926ef50 (pci_rescan_remove_lock){+.+.}-{3:3}, at: pci_stop_and_remove_bus_device_locked+0x24/0x80 ... Call Trace: [<00000259778c4f90>] dump_stack_lvl+0xc0/0x110 [<00000259779c844e>] print_deadlock_bug+0x31e/0x330 [<00000259779c1908>] __lock_acquire+0x16c8/0x32f0 [<00000259779bffac>] lock_acquire+0x14c/0x350 [<00000259789643a6>] __mutex_lock_common+0xe6/0x1520 [<000002597896413c>] mutex_lock_nested+0x3c/0x50 [<00000259784a07e4>] sriov_disable+0x34/0x140 [<00000258f7d6dd80>] mlx5_sriov_disable+0x50/0x80 [mlx5_core] [<00000258f7d5745e>] remove_one+0x5e/0xf0 [mlx5_core] [<00000259784857fc>] pci_device_remove+0x3c/0xa0 [<000002597851012e>] device_release_driver_internal+0x18e/0x280 [<000002597847ae22>] pci_stop_bus_device+0x82/0xa0 [<000002597847afce>] pci_stop_and_remove_bus_device_locked+0x5e/0x80 [<00000259784972c2>] remove_store+0x72/0x90 [<0000025977e6661a>] kernfs_fop_write_iter+0x15a/0x200 [<0000025977d7241c>] vfs_write+0x24c/0x300 [<0000025977d72696>] ksys_write+0x86/0x110 [<000002597895b61c>] __do_syscall+0x14c/0x400 [<000002597896e0ee>] system_call+0x6e/0x90 This alone is not a complete fix as it restores the issue the cited commit tried to solve. A new fix will be provided as a follow on.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43147
EUVD
EUVD-2026-27707
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is related to the Linux kernel's handling of PCI SR-IOV (Single Root I/O Virtualization). A previous commit added locking to prevent issues when enabling or disabling SR-IOV, but this commit caused a deadlock. The deadlock happens because the system tries to acquire a lock it already holds recursively during certain operations, such as removing virtual functions (VFs) or stopping and removing PCI devices. This deadlock can freeze the system or the affected process.

The vulnerability was addressed by reverting the problematic commit, which removes the deadlock but also restores the original issue the commit tried to fix. A new fix is planned to properly resolve the problem.


How can this vulnerability impact me? :

This vulnerability can cause a deadlock in the Linux kernel when managing PCI devices with SR-IOV enabled. A deadlock means that certain system operations involving PCI device removal or virtual function management can hang indefinitely, potentially causing system instability or unresponsiveness.

If your system uses SR-IOV capable devices and performs operations like enabling/disabling virtual functions or removing PCI devices, this deadlock could disrupt normal operation, leading to service interruptions or requiring a system reboot.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing a deadlock occurring when enabling or disabling SR-IOV on PCI devices. Specifically, a deadlock happens due to recursive locking of pci_rescan_remove_lock during the call to sriov_del_vfs() as part of pci_stop_and_remove_bus_device().

A typical sequence that may trigger the deadlock is:

  • $ echo <NUM> > /sys/bus/pci/devices/<pf>/sriov_numvfs
  • $ echo 1 > /sys/bus/pci/devices/<pf>/remove

Monitoring kernel logs for deadlock traces involving pci_rescan_remove_lock and sriov_disable functions can also help detect the issue.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to avoid performing operations that enable or disable SR-IOV on PCI devices, such as writing to sriov_numvfs or removing PCI devices, until a proper fix is released.

Since the revert of the problematic commit restores the deadlock issue, waiting for the forthcoming fix and applying kernel updates as soon as they become available is recommended.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart