CVE-2026-43326

Source
https://cve.org/CVERecord?id=CVE-2026-43326
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43326.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43326
Downstream
Published
2026-05-08T13:31:10.184Z
Modified
2026-07-08T08:13:28.154890876Z
Summary
sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback
Details

In the Linux kernel, the following vulnerability has been resolved:

schedext: Fix SCXKICK_WAIT deadlock by deferring wait to balance callback

SCXKICKWAIT busy-waits in kickcpusirqworkfn() using smpcondloadacquire() until the target CPU's kicksync advances. Because the irqwork runs in hardirq context, the waiting CPU cannot reschedule and its own kick_sync never advances. If multiple CPUs form a wait cycle, all CPUs deadlock.

Replace the busy-wait in kickcpusirqworkfn() with reschedcurr() to force the CPU through dopicktaskscx(), which queues a balance callback to perform the wait. The balance callback drops the rq lock and enables IRQs following the schedcorebalance() pattern, so the CPU can process IPIs while waiting. The local CPU's kicksync is advanced on entry to dopicktask_scx() and continuously during the wait, ensuring any CPU that starts waiting for us sees the advancement and cannot form cyclic dependencies.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43326.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
90e55164dad42c6546b698c031697b224a320834
Fixed
c3a7903f65cf4c7fb0477eb0f8b94f326a47fe54
Fixed
415cb193bb9736f0e830286c72a6fa8eb2a9cc5c

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43326.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.12.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43326.json"