Scheduler Lock Vulnerability in Linux Kernel Affecting Work Queue Process
CVE-2026-43115
Currently unrated
What is CVE-2026-43115?
A vulnerability has been identified in the Linux kernel's Tiny SRCU implementation that can lead to deadlocks because of improper locking. Specifically, the 'srcu_gp_start_if_needed()' function calls 'schedule_work()' while a scheduler lock is held, which creates a lock dependency issue when 'call_srcu()' is invoked. In addition, a use-after-free may occur if a queued irq_work is triggered after cleanup has started. The mitigation steps have been tested and effectively prevent both issues.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 6.19.14 <= 6.19.*