CVE-2026-43326

MEDIUM

sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because the irq_work runs in hardirq context, the waiting CPU cannot reschedule and its own kick_sync never advances. If multiple CPUs form a wait cycle, all CPUs deadlock. Replace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to force the CPU through do_pick_task_scx(), which queues a balance callback to perform the wait. The balance callback drops the rq lock and enables IRQs following the sched_core_balance() pattern, so the CPU can process IPIs while waiting. The local CPU's kick_sync is advanced on entry to do_pick_task_scx() and continuously during the wait, ensuring any CPU that starts waiting for us sees the advancement and cannot form cyclic dependencies.

References (2)

Core 2

Core References

https://git.kernel.org/stable/c/c3a7903f65cf4c7fb0477eb0f8b94f326a47fe54

https://git.kernel.org/stable/c/415cb193bb9736f0e830286c72a6fa8eb2a9cc5c

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-667

Status published

Products (8)

Linux/Linux < 6.12

Linux/Linux 6.12

Linux/Linux 6.19.12 - 6.19.*

Linux/Linux 7.0

Linux/Linux 90e55164dad42c6546b698c031697b224a320834 - 415cb193bb9736f0e830286c72a6fa8eb2a9cc5c

Linux/Linux 90e55164dad42c6546b698c031697b224a320834 - c3a7903f65cf4c7fb0477eb0f8b94f326a47fe54

linux/linux_kernel 7.0 rc1 (7 CPE variants)

linux/linux_kernel 6.12 - 6.19.12

Published May 08, 2026

Tracked Since May 08, 2026