CVE-2026-46165

MEDIUM EPSS 1.0%
Published May 28, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 28, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdev_put() must happen after the RCU grace period. So, either in an RCU call or after the synchronize_net(). The rtnl_delete_link() must happen under RTNL and so can't be executed in RCU context. Calling synchronize_net() while holding RTNL is not a good idea for performance and system stability under load in general, so calling netdev_put() in RCU call is the right solution here. However, when the device is deleted, rtnl_unlock() will call netdev_run_todo() and block until all the references are gone. In the current code this means that we never reach the call_rcu() and the vport is never freed and the reference is never released, causing a self-deadlock on device removal. Fix that by moving the rcu_call() before the rtnl_unlock(), so the scheduled RCU callback will be executed when synchronize_net() is called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself is already released.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
1.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-667

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥6.1.168  –  <6.1.175
linuxlinux_kernel*≥6.6.131  –  <6.6.140
linuxlinux_kernel*≥6.12.80  –  <6.12.88
linuxlinux_kernel*≥6.18.21  –  <6.18.30
linuxlinux_kernel*≥6.19.11  –  <7.0
linuxlinux_kernel*≥7.0.1  –  <7.0.7
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.1any
linuxlinux_kernel7.1any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ae6c15fc473c9ad03b0173330cce9a092c76154
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/8ae6c15fc473c9ad03b0173330cce9a092c76154
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413
    Patch