CVE-2026-43326
Received Received - Intake
Deadlock in Linux Kernel sched_ext

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because the irq_work runs in hardirq context, the waiting CPU cannot reschedule and its own kick_sync never advances. If multiple CPUs form a wait cycle, all CPUs deadlock. Replace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to force the CPU through do_pick_task_scx(), which queues a balance callback to perform the wait. The balance callback drops the rq lock and enables IRQs following the sched_core_balance() pattern, so the CPU can process IPIs while waiting. The local CPU's kick_sync is advanced on entry to do_pick_task_scx() and continuously during the wait, ensuring any CPU that starts waiting for us sees the advancement and cannot form cyclic dependencies.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43326
EUVD
EUVD-2026-28610
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's scheduler extension (sched_ext) where a deadlock can happen due to the SCX_KICK_WAIT mechanism. Specifically, SCX_KICK_WAIT busy-waits in the function kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. However, because this irq_work runs in hardirq context, the waiting CPU cannot reschedule, preventing its own kick_sync from advancing. When multiple CPUs form a wait cycle, this results in a deadlock.

The fix replaces the busy-wait with a call to resched_curr(), which forces the CPU to go through do_pick_task_scx(). This queues a balance callback that performs the wait while dropping the rq lock and enabling interrupts, allowing the CPU to process inter-processor interrupts (IPIs) during the wait. This ensures the local CPU's kick_sync advances continuously, preventing cyclic dependencies and deadlocks.

Impact Analysis

This vulnerability can cause a deadlock situation in the Linux kernel scheduler when multiple CPUs form a wait cycle. Such a deadlock can halt CPU scheduling operations, potentially leading to system hangs or degraded performance. This can impact system stability and availability, especially on multi-CPU systems running affected Linux kernel versions.

Mitigation Strategies

The vulnerability has been resolved by modifying the Linux kernel scheduler to replace a busy-wait loop with a rescheduling mechanism that prevents deadlocks.

Immediate mitigation steps would involve updating the Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43326. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart