CVE-2026-43115
Description
In the Linux kernel, the following vulnerability has been resolved:
srcu: Use irq_work to start GP in tiny SRCU
Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock.
This causes a lockdep splat when call_srcu() is called with a scheduler lock held, due to:
call_srcu() [holding pi_lock] srcu_gp_start_if_needed() schedule_work() -> pool->lock
workqueue_init() / create_worker() [holding pool->lock] wake_up_process() -> try_to_wake_up() -> pi_lock
Also add irq_work_sync() to cleanup_srcu_struct() to prevent a use-after-free if a queued irq_work fires after cleanup begins.
Tested with rcutorture SRCU-T and no lockdep warnings.
[ Thanks to Boqun for similar fix in patch "rcu: Use an intermediate irq_work to start process_srcu()" ]
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.12,<6.19.14
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- osv-coords8 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-azure-6.18pkg:apk/chainguard/linux-gcp-6.12pkg:apk/chainguard/linux-qemu-6.12pkg:apk/chainguard/linux-qemu-melangepkg:apk/chainguard/linux-vmware-6.12pkg:apk/chainguard/linux-vmware-6.18
< 6.12.85-r2+ 7 more
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.24-r1
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.28-r0
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.24-r1
Patches
Vulnerability mechanics
References
2News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026