CVE-2026-43199
Analyzed Analyzed - Analysis Complete
Race Condition in Linux Kernel mlx5e IPsec MAC Address Handling

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5e_ipsec_init_macs() by replacing mlx5_query_mac_address() with ether_addr_copy() to get the local MAC address directly from netdev->dev_addr. The issue occurs because mlx5_query_mac_address() queries the hardware which involves mlx5_cmd_exec() that can sleep, but it is called from the mlx5e_ipsec_handle_event workqueue which runs in atomic context. The MAC address is already available in netdev->dev_addr, so no need to query hardware. This avoids the sleeping call and resolves the bug. Call trace: BUG: scheduling while atomic: kworker/u112:2/69344/0x00000200 __schedule+0x7ab/0xa20 schedule+0x1c/0xb0 schedule_timeout+0x6e/0xf0 __wait_for_common+0x91/0x1b0 cmd_exec+0xa85/0xff0 [mlx5_core] mlx5_cmd_exec+0x1f/0x50 [mlx5_core] mlx5_query_nic_vport_mac_address+0x7b/0xd0 [mlx5_core] mlx5_query_mac_address+0x19/0x30 [mlx5_core] mlx5e_ipsec_init_macs+0xc1/0x720 [mlx5_core] mlx5e_ipsec_build_accel_xfrm_attrs+0x422/0x670 [mlx5_core] mlx5e_ipsec_handle_event+0x2b9/0x460 [mlx5_core] process_one_work+0x178/0x2e0 worker_thread+0x2ea/0x430
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43199
EUVD
EUVD-2026-27762
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 6.2 (inc) to 6.12.75 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a 'scheduling while atomic' bug in the Linux kernel's mlx5e IPsec driver. Specifically, the function mlx5e_ipsec_init_macs() called mlx5_query_mac_address() to get the local MAC address by querying hardware, which involves a call that can sleep (mlx5_cmd_exec()). However, this function was called from a workqueue running in atomic context, where sleeping is not allowed. This mismatch caused the bug.

The fix replaced the hardware query call with a direct copy of the MAC address from netdev->dev_addr, which is already available and does not require sleeping. This change avoids the problematic sleeping call and resolves the bug.

Impact Analysis

This vulnerability can cause kernel bugs related to improper scheduling in atomic context, potentially leading to system instability or crashes. Since the bug involves scheduling while atomic, it can trigger kernel warnings or BUGs, which may affect the reliability of systems using the mlx5e IPsec driver.

Detection Guidance

This vulnerability manifests as a "scheduling while atomic" bug in the mlx5e_ipsec_handle_event workqueue, which can cause kernel BUG messages related to scheduling in atomic context.

To detect this issue on your system, you can monitor the kernel logs for messages indicating "BUG: scheduling while atomic" involving mlx5_core or mlx5e components.

Suggested commands to check for this vulnerability include:

  • Use dmesg or journalctl to search for relevant kernel BUG messages: `dmesg | grep 'scheduling while atomic'` or `journalctl -k | grep 'scheduling while atomic'`
  • Check for call traces involving mlx5_core functions in kernel logs.
Mitigation Strategies

The vulnerability is fixed by replacing the call to mlx5_query_mac_address() with ether_addr_copy() to avoid sleeping in atomic context.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this issue.
  • Avoid using affected mlx5e IPsec features until the patch is applied.
  • Monitor kernel logs for the bug message to detect if the issue is occurring.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43199. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart