Skip to main content

Linux Kernel CVE-2026-43385

| EUVDEUVD-2026-28691 HIGH
2026-05-08 Linux GHSA-c4q6-6h64-7hfv
High
Disputed · 7.5 NVD
Share

Severity by source

Sources disagree (Low–High)
NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 LOW
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:32 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
7.5 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
HIGH 7.5
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: Fix rcu_tasks stall in threaded busypoll

I was debugging a NIC driver when I noticed that when I enable threaded busypoll, bpftrace hangs when starting up. dmesg showed:

rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 10658 jiffies old. rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 40793 jiffies old. rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 131273 jiffies old. rcu_tasks_wait_gp: rcu_tasks grace period number 85 (since boot) is 402058 jiffies old. INFO: rcu_tasks detected stalls on tasks: 00000000769f52cd: .N nvcsw: 2/2 holdout: 1 idle_cpu: -1/64 task:napi/eth2-8265 state:R running task stack:0 pid:48300 tgid:48300 ppid:2 task_flags:0x208040 flags:0x00004000 Call Trace: <TASK> ? napi_threaded_poll_loop+0x27c/0x2c0 ? __pfx_napi_threaded_poll+0x10/0x10 ? napi_threaded_poll+0x26/0x80 ? kthread+0xfa/0x240 ? __pfx_kthread+0x10/0x10 ? ret_from_fork+0x31/0x50 ? __pfx_kthread+0x10/0x10 ? ret_from_fork_asm+0x1a/0x30 </TASK>

The cause is that in threaded busypoll, the main loop is in napi_threaded_poll rather than napi_threaded_poll_loop, where the latter rarely iterates more than once within its loop. For rcu_softirq_qs_periodic inside napi_threaded_poll_loop to report its qs state, the last_qs must be 100ms behind, and this can't happen because napi_threaded_poll_loop rarely iterates in threaded busypoll, and each time napi_threaded_poll_loop is called last_qs is reset to latest jiffies.

This patch changes so that in threaded busypoll, last_qs is saved in the outer napi_threaded_poll, and whether busy_poll_last_qs is NULL indicates whether napi_threaded_poll_loop is called for busypoll. This way last_qs would not reset to latest jiffies on each invocation of napi_threaded_poll_loop.

AnalysisAI

RCU tasks grace period stalls cause denial of service in Linux kernel's threaded NAPI busypoll implementation (6.19+). When threaded busypoll is enabled on network interfaces, the napi_threaded_poll_loop function resets its quiescent state tracking (last_qs) on every invocation, preventing rcu_softirq_qs_periodic from reporting grace period completion. This triggers kernel stalls lasting hundreds of seconds (400,000+ jiffies observed), causing tools like bpftrace to hang indefinitely and impacting system stability. Vendor patches available for 6.19.9 and 7.0. EPSS score of 0.02% suggests very low active exploitation likelihood, consistent with this being a kernel-internal RCU mechanism issue affecting specific network polling configurations rather than a remotely triggerable network attack surface.

Technical ContextAI

The vulnerability exists in the Read-Copy-Update (RCU) tasks mechanism within the Linux kernel's NAPI (New API) threaded busypolling code path. Threaded busypoll, introduced in commit c18d4b190a466 for network packet processing, creates dedicated kernel threads (napi/ethX-XXXX) that poll network interfaces. The bug lies in how the outer napi_threaded_poll and inner napi_threaded_poll_loop functions coordinate last_qs timestamp tracking for rcu_softirq_qs_periodic. In threaded busypoll mode, napi_threaded_poll_loop rarely iterates more than once per call, but each invocation resets last_qs to current jiffies, preventing the 100ms threshold from ever being reached. This blocks RCU grace period completion (rcu_tasks_wait_gp), causing scheduler stalls. The fix moves last_qs persistence to the outer napi_threaded_poll scope and uses a NULL check on busy_poll_last_qs to detect busypoll invocations, ensuring quiescent state reporting works correctly across repeated short poll loops. Affects Linux kernel 6.19 through early 7.0 versions using threaded NAPI busypolling.

RemediationAI

Upgrade to Linux kernel 6.19.9, 7.0, or later stable releases containing commit 52459201d0df3 or 1a86a1f7d889. Upstream patches available at https://git.kernel.org/stable/c/52459201d0df3fdbb1d281738b7b772e2cacb49c (6.19.9 backport) and https://git.kernel.org/stable/c/1a86a1f7d88996085934139fa4c063b6299a2dd3 (mainline 7.0). If immediate patching is not feasible, disable threaded busypoll by setting network driver parameters to use standard interrupt-driven NAPI or non-threaded polling modes - consult driver documentation for your specific NIC (e.g., for Intel drivers: 'ethtool -C ethX adaptive-rx off' or module parameter 'threaded=0'). This workaround eliminates the stall condition but may reduce network throughput under high packet rates (10-20% performance degradation on high-frequency trading or packet capture workloads). Monitor for kernel stall messages ('rcu_tasks_wait_gp' in dmesg) as early warning. Do not use kernel tracing tools (bpftrace, perf) on affected systems with threaded busypoll enabled, as they will trigger and expose the hang condition.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43385 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy