CVE-2026-45919
Awaiting Analysis Awaiting Analysis - Queue
Hardlockup in Linux Kernel Due to Self-IPI Loop

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: sched/rt: Skip currently executing CPU in rto_next_cpu() CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound RT task, and a CFS task stuck in kernel space. When other CPUs switch from RT to non-RT tasks, RT load balancing (LB) is triggered; with HAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution of rto_push_irq_work_func. During push_rt_task on CPU0, if next_task->prio < rq->donor->prio, resched_curr() sets NEED_RESCHED and after the push operation completes, CPU0 calls rto_next_cpu(). Since only CPU0 is overloaded in this scenario, rto_next_cpu() should ideally return -1 (no further IPI needed). However, multiple CPUs invoking tell_cpu_to_push() during LB increments rd->rto_loop_next. Even when rd->rto_cpu is set to -1, the mismatch between rd->rto_loop and rd->rto_loop_next forces rto_next_cpu() to restart its search from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory && rt_nr_total > 1), it gets reselected, causing CPU0 to queue irq_work to itself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and other CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop, which triggers a CPU hardlockup due to continuous self-interrupts. The trigging scenario is as follows: cpu0 cpu1 cpu2 pull_rt_task tell_cpu_to_push <------------irq_work_queue_on rto_push_irq_work_func push_rt_task resched_curr(rq) pull_rt_task rto_next_cpu tell_cpu_to_push <-------------------------- atomic_inc(rto_loop_next) rd->rto_loop != next rto_next_cpu irq_work_queue_on rto_push_irq_work_func Fix redundant self-IPI by filtering the initiating CPU in rto_next_cpu(). This solution has been verified to effectively eliminate spurious self-IPIs and prevent CPU hardlockup scenarios.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-45919
EUVD
EUVD-2026-32385
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's real-time (RT) scheduler load balancing mechanism. When CPU0 is overloaded with a mix of CPU-bound RT tasks, non-CPU-bound RT tasks, and Completely Fair Scheduler (CFS) tasks stuck in kernel space, an infinite loop of self-interrupts (self-IPIs) can occur. This happens because the function rto_next_cpu() incorrectly allows CPU0 to be selected repeatedly for pushing RT tasks to itself, causing continuous self-interrupts.

The root cause is a mismatch in internal counters (rd->rto_loop and rd->rto_loop_next) during load balancing, which leads to CPU0 being reselected despite being overloaded. This results in CPU0 queuing interrupt work to itself repeatedly, causing a CPU hardlockup due to continuous self-interrupts.

The fix involves modifying rto_next_cpu() to skip the currently executing CPU (CPU0 in this case) to prevent redundant self-IPIs, effectively eliminating the infinite self-interrupt loop and preventing CPU hardlockup.

Impact Analysis

This vulnerability can cause CPU0 to enter a hardlockup state due to continuous self-interrupts, effectively freezing that CPU core. This can degrade system performance, cause system instability, or lead to a denial of service on affected systems running real-time workloads.

Systems relying on real-time scheduling for critical tasks may experience interruptions or failures, impacting applications that require timely processing.

Mitigation Strategies

The vulnerability has been resolved by a fix in the Linux kernel that filters the initiating CPU in the rto_next_cpu() function to prevent redundant self-IPIs and CPU hardlockup.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart