CVE-2026-43469
Analyzed Analyzed - Analysis Complete
Race Condition in Linux Kernel xprtrdma Module

Publication date: 2026-05-08

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (due to memory allocation failure, say) or otherwise exits early, we should decrement ep->re_receiving before returning. Otherwise we will hang in rpcrdma_xprt_drain() as re_receiving will never reach zero and the completion will never be triggered. On a system with high memory pressure, this can appear as the following hung task: INFO: task kworker/u385:17:8393 blocked for more than 122 seconds. Tainted: G S E 6.19.0 #3 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u385:17 state:D stack:0 pid:8393 tgid:8393 ppid:2 task_flags:0x4248060 flags:0x00080000 Workqueue: xprtiod xprt_autoclose [sunrpc] Call Trace: <TASK> __schedule+0x48b/0x18b0 ? ib_post_send_mad+0x247/0xae0 [ib_core] schedule+0x27/0xf0 schedule_timeout+0x104/0x110 __wait_for_common+0x98/0x180 ? __pfx_schedule_timeout+0x10/0x10 wait_for_completion+0x24/0x40 rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma] xprt_rdma_close+0x12/0x40 [rpcrdma] xprt_autoclose+0x5f/0x120 [sunrpc] process_one_work+0x191/0x3e0 worker_thread+0x2e3/0x420 ? __pfx_worker_thread+0x10/0x10 kthread+0x10d/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x273/0x2b0 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-21
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43469
EUVD
EUVD-2026-28775
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 5.13 (inc) to 5.15.203 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's xprtrdma component. It occurs when the function rpcrdma_post_recvs() fails to create a work request, for example due to memory allocation failure, or exits early without decrementing the re_receiving counter. Because re_receiving is not decremented, the system hangs in the rpcrdma_xprt_drain() function as it waits for re_receiving to reach zero, which never happens. This leads to a hung task situation where certain kernel worker threads become blocked indefinitely.

Impact Analysis

The impact of this vulnerability is that on systems experiencing high memory pressure, kernel worker threads can become blocked for extended periods, causing system hangs or degraded performance. This can affect system stability and responsiveness, potentially disrupting services that rely on the Linux kernel's networking and remote direct memory access (RDMA) functionality.

Detection Guidance

This vulnerability can manifest as a hung task in the Linux kernel, specifically a blocked kworker thread related to the xprtrdma and rpcrdma subsystems.

You can detect it by looking for hung tasks with messages similar to the following in your system logs or dmesg output:

  • INFO: task kworker/u385:17:8393 blocked for more than 122 seconds.
  • Workqueue: xprtiod xprt_autoclose [sunrpc]

To investigate, you can use commands such as:

  • dmesg | grep 'blocked for more than'
  • ps -eo pid,comm,state,wchan | grep kworker
  • cat /proc/sys/kernel/hung_task_timeout_secs (to check or adjust hung task timeout)
Mitigation Strategies

Immediate mitigation involves addressing the hung task caused by the decrement issue in the xprtrdma subsystem.

One temporary step is to disable the hung task timeout message by running:

  • echo 0 > /proc/sys/kernel/hung_task_timeout_secs

However, this only suppresses the symptom and does not fix the underlying issue.

The proper mitigation is to update the Linux kernel to a version where this vulnerability is resolved, as the issue occurs when rpcrdma_post_recvs() fails to decrement re_receiving on early exit paths.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43469. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart