CVE-2026-43292
RCU Stall in Linux Kernel Due to KASAN vmalloc Cleanup
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can cause the system to experience RCU stalls, where CPUs or tasks are blocked for extended periods. This can lead to degraded system responsiveness and performance.
In severe cases, the prolonged CPU hold can cause out-of-memory (OOM) conditions, potentially leading to system instability or crashes.
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's memory management subsystem, specifically in the cleanup of vmalloc areas when CONFIG_PAGE_OWNER is enabled. During that cleanup, freeing KASAN shadow pages triggers expensive stack unwinding operations that acquire RCU (Read-Copy-Update) read locks.
When processing a large list of memory areas (purge_list) without rescheduling, the task can hold the CPU for extended periods (over 10 seconds), causing RCU stalls and potentially leading to out-of-memory (OOM) conditions.
The root cause is that each freed page triggers a stack unwinding operation under an RCU read lock, creating an unbounded RCU critical section. The fix involves adding periodic rescheduling points (cond_resched calls) within the loop to allow RCU grace periods to complete, other tasks to run, and the scheduler to preempt when needed.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability manifests as RCU stalls and potential out-of-memory (OOM) conditions during vmalloc cleanup when CONFIG_PAGE_OWNER is enabled.
You can detect the issue by monitoring kernel logs for messages indicating RCU stalls, such as lines containing "rcu_preempt detected stalls on CPUs/tasks" or tasks blocked on rcu_node.
Example kernel log messages to look for include:
- rcu: INFO: rcu_preempt detected stalls on CPUs/tasks
- rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): ...
- task stack traces referencing kasan_release_vmalloc_node and purge_vmap_node in mm/vmalloc.c
To check kernel logs for these messages, you can use commands like:
- dmesg | grep -i rcu
- journalctl -k | grep -i rcu
- grep -i 'kasan_release_vmalloc_node' /var/log/kern.log
Monitoring CPU usage for long-running tasks related to vmalloc cleanup and checking for OOM events may also help detect the vulnerability.
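The grep -i rcu commands above also match routine RCU messages, so a narrower check helps. The following is an added example, not part of the original advisory: a shell function that counts only the stall reports whose trace contains both kasan_release_vmalloc_node and purge_vmap_node. The function names, the 60-line window and the sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory. Reads kernel log text on stdin and
# prints how many RCU stall reports are followed by BOTH frames named on this
# page. $1 = lines to inspect after each stall header (60 is an assumption).
count_vmalloc_rcu_stalls() {
    awk -v window="${1:-60}" '
        # Stall header; any RCU flavor name is accepted, not only rcu_preempt.
        /rcu: INFO: rcu_[a-z_]+ detected stalls on CPUs\/tasks/ {
            in_stall = 1; left = window; seen_kasan = 0; seen_purge = 0; next
        }
        in_stall {
            if (/kasan_release_vmalloc_node/) seen_kasan = 1
            if (/purge_vmap_node/)            seen_purge = 1
            if (seen_kasan && seen_purge) { hits++; in_stall = 0 }
            else if (--left <= 0)         { in_stall = 0 }
        }
        END { print hits + 0 }
    '
}

# Constructed sample input: one benign RCU boot line, one stall with the
# vmalloc/KASAN frames, one unrelated stall. Offsets and names are made up.
sample_log() {
    cat <<'EOF'
[  100.000001] rcu: Preemptible hierarchical RCU implementation.
[  512.100000] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  512.100010] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P1234
[  512.100020] Call Trace:
[  512.100030]  kasan_release_vmalloc_node+0x1a0/0x2b0
[  512.100040]  purge_vmap_node+0x3c/0x120
[  900.000000] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  900.000010] Call Trace:
[  900.000020]  some_other_driver_loop+0x10/0x40
EOF
}

# Real use: dmesg | count_vmalloc_rcu_stalls
#           journalctl -k | count_vmalloc_rcu_stalls
sample_log | count_vmalloc_rcu_stalls
```

A non-zero count means at least one stall report matches the signature described for this CVE; a zero count with other RCU stalls present points to a different cause.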
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is caused by the lack of rescheduling during freeing of KASAN shadow pages, leading to long RCU critical sections and stalls.
Immediate mitigation steps include:
- Apply the patch that adds periodic cond_resched() calls within the loop freeing shadow pages to allow RCU grace periods to complete and scheduler preemption.
- Ensure your Linux kernel is updated to a version that includes the fix for this issue (post 2026-05-08).
- If updating immediately is not possible, consider disabling CONFIG_PAGE_OWNER temporarily to avoid triggering the expensive stack unwinding during vmalloc cleanup.
These steps help prevent long CPU holds and RCU stalls caused by the vulnerability.