CVE-2026-43468

MEDIUM EPSS 0.6%
Published May 8, 20261mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw->wq esw->work_queue executes esw_functions_changed_event_handler -> esw_vfs_changed_event_handler and acquires the devlink lock. .eswitch_mode_set (acquires devlink lock in devlink_nl_pre_doit) -> mlx5_devlink_eswitch_mode_set -> mlx5_eswitch_disable_locked -> mlx5_eswitch_event_handler_unregister -> flush_workqueue deadlocks when esw_vfs_changed_event_handler executes. Fix that by no longer flushing the work to avoid the deadlock, and using a generation counter to keep track of work relevance. This avoids an old handler manipulating an esw that has undergone one or more mode changes: - the counter is incremented in mlx5_eswitch_event_handler_unregister. - the counter is read and passed to the ephemeral mlx5_host_work struct. - the work handler takes the devlink lock and bails out if the current generation is different than the one it was scheduled to operate on. - mlx5_eswitch_cleanup does the final draining before destroying the wq. No longer flushing the workqueue has the side effect of maybe no longer cancelling pending vport_change_handler work items, but that's ok since those are disabled elsewhere: - mlx5_eswitch_disable_locked disables the vport eq notifier. - mlx5_esw_vport_disable disarms the HW EQ notification and marks vport->enabled under state_lock to false to prevent pending vport handler from doing anything. - mlx5_eswitch_cleanup destroys the workqueue and makes sure all events are disabled/finished.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
0.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 8

VendorProductVersionRange
linuxlinux_kernel*≥6.0  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.19
linuxlinux_kernel*≥6.19  –  <6.19.9
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/0de867f6e34eae6907b367fd152c55e61cb98608
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c7313cb41b1b427078440364d2f042c276a1c0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a7838bebc38374f74baaf88bf2cf8d439a92923
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90e7e5d14d0bd25ffd019a3aa39d9f1c05fedbe1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/957d2a58f7f8ebcbdd0a85935e0d2675134b890d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aed763abf0e905b4b8d747d1ba9e172961572f57
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0de867f6e34eae6907b367fd152c55e61cb98608
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3c7313cb41b1b427078440364d2f042c276a1c0b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4a7838bebc38374f74baaf88bf2cf8d439a92923
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/90e7e5d14d0bd25ffd019a3aa39d9f1c05fedbe1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/957d2a58f7f8ebcbdd0a85935e0d2675134b890d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aed763abf0e905b4b8d747d1ba9e172961572f57
    Patch