Linux Kernel Vulnerability in rtmutex Component Affecting Multiple Versions
CVE-2026-43499
What is CVE-2026-43499?
A vulnerability exists in the Linux kernel's rtmutex component: the remove_waiter() function uses current instead of waiter::task when dequeuing a waiter in various mutex handling paths. Operating on the wrong task leads to multiple issues, including potential use-after-free vulnerabilities due to dangling pointers and improper priority management across tasks.
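The following simplified user-space model illustrates the pattern described above; it is an added example, not kernel code and not taken from the fix. The structs, `current_task`, and the function names are hypothetical stand-ins (`pi_blocked_on` mirrors the kernel's `task_struct` field of that name), and it assumes the dequeue can run in a task other than the one the waiter belongs to.

```c
#include <stdio.h>

/* Simplified stand-ins for illustration; not the kernel's definitions. */
struct waiter;
struct task {
    struct waiter *pi_blocked_on;   /* waiter this task is blocked on, or NULL */
};
struct waiter {
    struct task *task;              /* the task that is actually waiting */
    int queued;                     /* 1 while enqueued on the lock */
};

/* Stand-in for the kernel's `current`: the task executing the call. */
static struct task *current_task;

/* Pattern from the advisory: blocked-on state is cleared on the caller. */
static void remove_waiter_buggy(struct waiter *w)
{
    w->queued = 0;
    current_task->pi_blocked_on = NULL;
}

/* Corrected pattern: state is cleared on the task that owns the waiter. */
static void remove_waiter_fixed(struct waiter *w)
{
    w->queued = 0;
    w->task->pi_blocked_on = NULL;
}

/* Dequeue a waiter and return 1 if its task still points at it afterwards.
 * by_proxy != 0 means a different task performs the dequeue. */
static int stale_after_remove(void (*remove_fn)(struct waiter *), int by_proxy)
{
    struct task caller = { NULL }, blocked = { NULL };
    struct waiter w = { &blocked, 1 };
    int stale;

    blocked.pi_blocked_on = &w;
    current_task = by_proxy ? &caller : &blocked;
    remove_fn(&w);
    stale = (blocked.pi_blocked_on == &w);  /* would dangle once w is freed */
    current_task = NULL;
    return stale;
}

int main(void)
{
    printf("buggy, proxy: stale=%d\n", stale_after_remove(remove_waiter_buggy, 1));
    printf("fixed, proxy: stale=%d\n", stale_after_remove(remove_waiter_fixed, 1));
    return 0;
}
```

When the caller is the waiter's own task both variants behave the same, so the stale pointer appears only on paths where the two differ.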
Affected Version(s)
Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 8a1fc8d698ac5e5916e3082a0f74450d71f9611f
Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 6d52dfcb2a5db86e346cf51f8fcf2071b8085166
Linux 8161239a8bcce9ad6b537c04a1fa3b5c68bae693 < 3fb7394a837740770f0d6b4b30567e60786a63f2