CVE-2026-53314
Received Received - Intake
Padata CPU Dead Callback Failure in Linux Kernel

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614 at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error. Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-27
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-53314
EUVD
EUVD-2026-39849
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linux linux_kernel *
linux linux_kernel to 7.0-2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves the handling of CPU offline callbacks within the padata subsystem. Specifically, a CPU offline callback was placed in a section where failure was not allowed, causing errors during CPU hotplug operations. The fix involved moving the CPU offline callback to a section where failure is permitted, preventing the kernel from encountering a DEAD callback error when taking a CPU offline.

Impact Analysis

This vulnerability can cause kernel errors or warnings related to CPU hotplug operations, such as the DEAD callback error. This may lead to instability or unexpected behavior when CPUs are taken offline, potentially affecting system reliability and uptime.

Detection Guidance

This vulnerability relates to a CPU offline callback issue in the Linux kernel, which can cause a DEAD callback error and kernel warnings related to CPU hotplug states.

Detection would involve monitoring kernel logs for specific warning messages such as:

  • DEAD callback error for CPU1
  • WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020

You can use commands like `dmesg | grep -i 'DEAD callback error'` or `journalctl -k | grep -i 'cpu.c:1463'` to search for these warnings in kernel logs.

Mitigation Strategies

The vulnerability has been resolved by moving the CPU offline callback to the ONLINE section where failure is allowed.

Immediate mitigation steps include updating your Linux kernel to a version that contains the fix (commit 4ae12d8bd9a8 or later).

Until the update is applied, monitor for the described kernel warnings and avoid CPU hotplug operations that may trigger the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53314. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart