CVE-2026-43482 (GCVE-0-2026-43482)
Vulnerability from cvelistv5 – Published: 2026-05-13 15:08 – Updated: 2026-05-13 15:08
VLAI?
Title
sched_ext: Disable preemption between scx_claim_exit() and kicking helper work
Summary
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Disable preemption between scx_claim_exit() and kicking helper work
scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from
triggering further error handling. After claiming exit, the caller must kick
the helper kthread work which initiates bypass mode and teardown.
If the calling task gets preempted between claiming exit and kicking the
helper work, and the BPF scheduler fails to schedule it back (since error
handling is now disabled), the helper work is never queued, bypass mode
never activates, tasks stop being dispatched, and the system wedges.
Disable preemption across scx_claim_exit() and the subsequent work kicking
in all callers - scx_disable() and scx_vexit(). Add
lockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the
requirement.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f0e1a0643a59bf1f922fa209cec86a170b784f3f , < 41423912f7ac7494ccd6eef411227b4efce740e0
(git)
Affected: f0e1a0643a59bf1f922fa209cec86a170b784f3f , < 522acaae34aa7e05859260056b39c7c030592a0c (git) Affected: f0e1a0643a59bf1f922fa209cec86a170b784f3f , < 5131dbec2c10961b34f844bc30b400c3fa0bcc72 (git) Affected: f0e1a0643a59bf1f922fa209cec86a170b784f3f , < 83236b2e43dba00bee5b82eb5758816b1a674f6a (git) |
|
| Linux | Linux |
Affected:
6.12
Unaffected: 0 , < 6.12 (semver) Unaffected: 6.12.78 , ≤ 6.12.* (semver) Unaffected: 6.18.20 , ≤ 6.18.* (semver) Unaffected: 6.19.9 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/sched/ext.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "41423912f7ac7494ccd6eef411227b4efce740e0",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
},
{
"lessThan": "522acaae34aa7e05859260056b39c7c030592a0c",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
},
{
"lessThan": "5131dbec2c10961b34f844bc30b400c3fa0bcc72",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
},
{
"lessThan": "83236b2e43dba00bee5b82eb5758816b1a674f6a",
"status": "affected",
"version": "f0e1a0643a59bf1f922fa209cec86a170b784f3f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/sched/ext.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.12"
},
{
"lessThan": "6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.20",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.9",
"versionStartIncluding": "6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Disable preemption between scx_claim_exit() and kicking helper work\n\nscx_claim_exit() atomically sets exit_kind, which prevents scx_error() from\ntriggering further error handling. After claiming exit, the caller must kick\nthe helper kthread work which initiates bypass mode and teardown.\n\nIf the calling task gets preempted between claiming exit and kicking the\nhelper work, and the BPF scheduler fails to schedule it back (since error\nhandling is now disabled), the helper work is never queued, bypass mode\nnever activates, tasks stop being dispatched, and the system wedges.\n\nDisable preemption across scx_claim_exit() and the subsequent work kicking\nin all callers - scx_disable() and scx_vexit(). Add\nlockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the\nrequirement."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-13T15:08:29.739Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/41423912f7ac7494ccd6eef411227b4efce740e0"
},
{
"url": "https://git.kernel.org/stable/c/522acaae34aa7e05859260056b39c7c030592a0c"
},
{
"url": "https://git.kernel.org/stable/c/5131dbec2c10961b34f844bc30b400c3fa0bcc72"
},
{
"url": "https://git.kernel.org/stable/c/83236b2e43dba00bee5b82eb5758816b1a674f6a"
}
],
"title": "sched_ext: Disable preemption between scx_claim_exit() and kicking helper work",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43482",
"datePublished": "2026-05-13T15:08:29.739Z",
"dateReserved": "2026-05-01T14:12:56.012Z",
"dateUpdated": "2026-05-13T15:08:29.739Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-43482",
"date": "2026-05-20",
"epss": "0.00023",
"percentile": "0.06579"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-43482\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-05-13T16:16:51.390\",\"lastModified\":\"2026-05-13T16:16:51.390\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nsched_ext: Disable preemption between scx_claim_exit() and kicking helper work\\n\\nscx_claim_exit() atomically sets exit_kind, which prevents scx_error() from\\ntriggering further error handling. After claiming exit, the caller must kick\\nthe helper kthread work which initiates bypass mode and teardown.\\n\\nIf the calling task gets preempted between claiming exit and kicking the\\nhelper work, and the BPF scheduler fails to schedule it back (since error\\nhandling is now disabled), the helper work is never queued, bypass mode\\nnever activates, tasks stop being dispatched, and the system wedges.\\n\\nDisable preemption across scx_claim_exit() and the subsequent work kicking\\nin all callers - scx_disable() and scx_vexit(). Add\\nlockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the\\nrequirement.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/41423912f7ac7494ccd6eef411227b4efce740e0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5131dbec2c10961b34f844bc30b400c3fa0bcc72\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/522acaae34aa7e05859260056b39c7c030592a0c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/83236b2e43dba00bee5b82eb5758816b1a674f6a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…