{
  "public_date" : "2026-05-08T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback",
    "id" : "2468074",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2468074"
  },
  "cwe" : "CWE-833",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback\nSCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using\nsmp_cond_load_acquire() until the target CPU's kick_sync advances. Because\nthe irq_work runs in hardirq context, the waiting CPU cannot reschedule and\nits own kick_sync never advances. If multiple CPUs form a wait cycle, all\nCPUs deadlock.\nReplace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to\nforce the CPU through do_pick_task_scx(), which queues a balance callback\nto perform the wait. The balance callback drops the rq lock and enables\nIRQs following the sched_core_balance() pattern, so the CPU can process\nIPIs while waiting. The local CPU's kick_sync is advanced on entry to\ndo_pick_task_scx() and continuously during the wait, ensuring any CPU that\nstarts waiting for us sees the advancement and cannot form cyclic\ndependencies.", "A flaw was found in the Linux kernel, specifically within the `sched_ext` component. This vulnerability can lead to a system-wide deadlock, causing a Denial of Service (DoS) where the system becomes unresponsive. The issue arises when the kernel's scheduling mechanism enters a busy-wait state in a critical section, preventing processors from performing other tasks. If multiple processors become stuck in this waiting loop, the entire system can freeze." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43326\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43326\nhttps://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2026/CVE-2026-43326.mbox" ],
  "name" : "CVE-2026-43326",
  "csaw" : false
}