CVE-2026-43199
Race Condition in Linux Kernel mlx5e IPsec MAC Address Handling
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mlx5 | mlx5e | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a 'scheduling while atomic' bug in the Linux kernel's mlx5e IPsec driver. Specifically, the function mlx5e_ipsec_init_macs() called mlx5_query_mac_address() to get the local MAC address by querying hardware, which involves a call that can sleep (mlx5_cmd_exec()). However, this function was called from a workqueue running in atomic context, where sleeping is not allowed. This mismatch caused the bug.
The fix replaced the hardware query call with a direct copy of the MAC address from netdev->dev_addr, which is already available and does not require sleeping. This change avoids the problematic sleeping call and resolves the bug.
How can this vulnerability impact me? :
This vulnerability can cause kernel bugs related to improper scheduling in atomic context, potentially leading to system instability or crashes. Since the bug involves scheduling while atomic, it can trigger kernel warnings or BUGs, which may affect the reliability of systems using the mlx5e IPsec driver.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as a "scheduling while atomic" bug in the mlx5e_ipsec_handle_event workqueue, which can cause kernel BUG messages related to scheduling in atomic context.
To detect this issue on your system, you can monitor the kernel logs for messages indicating "BUG: scheduling while atomic" involving mlx5_core or mlx5e components.
Suggested commands to check for this vulnerability include:
- Use dmesg or journalctl to search for relevant kernel BUG messages: `dmesg | grep 'scheduling while atomic'` or `journalctl -k | grep 'scheduling while atomic'`
- Check for call traces involving mlx5_core functions in kernel logs.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by replacing the call to mlx5_query_mac_address() with ether_addr_copy() to avoid sleeping in atomic context.
Immediate mitigation steps include:
- Update your Linux kernel to a version that includes the fix for this issue.
- Avoid using affected mlx5e IPsec features until the patch is applied.
- Monitor kernel logs for the bug message to detect if the issue is occurring.