Description
In the Linux kernel, the following vulnerability has been resolved:

slab: fix kmalloc_nolock() context check for PREEMPT_RT

On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current
check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ
context, but misses the case where preemption is disabled.

When a BPF program runs from a tracepoint with preemption disabled
(preempt_count > 0), kmalloc_nolock() proceeds to call
local_lock_irqsave() which attempts to acquire a sleeping lock,
triggering:

BUG: sleeping function called from invalid context
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6128
preempt_count: 2, expected: 0

Fix this by checking !preemptible() on PREEMPT_RT, which directly
expresses the constraint that we cannot take a sleeping lock when
preemption is disabled. This encompasses the previous checks for NMI
and hard IRQ contexts while also catching cases where preemption is
disabled.
Published: 2026-02-14
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

The kernel contains a flaw in the handling of kmalloc_nolock() when the PREEMPT_RT configuration is enabled and preemption is disabled. In these conditions, the function attempts to acquire a sleeping lock in an atomic context, triggering a BUG that brings the kernel to an Oops and halts the system. This failure can be reproduced by executing BPF programs from tracepoints while preemption is disabled, thereby causing a kernel crash and a system denial of service. The weakness is a failure to validate the execution context before acquiring a resource, a classic example of improper function use.
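The gap between the two checks can be seen in a small userspace model. This is an added example, not kernel source or code from the patch; the mask values assume the preempt_count layout in include/linux/preempt.h, and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified userspace model, not kernel source. Mask values are assumed to
 * follow the preempt_count layout in include/linux/preempt.h. */
#define HARDIRQ_MASK 0x000f0000u
#define NMI_MASK     0x00f00000u

/* preemptible(): preempt_count is zero and interrupts are enabled. */
static bool model_preemptible(unsigned int pc, bool irqs_off)
{
    return pc == 0 && !irqs_off;
}

/* Pre-fix check as the description states it: reject only NMI and hard IRQ. */
bool old_check_allows(unsigned int pc, bool irqs_off)
{
    (void)irqs_off;
    return (pc & (NMI_MASK | HARDIRQ_MASK)) == 0;
}

/* Post-fix check on PREEMPT_RT: reject every non-preemptible context. */
bool new_check_allows(unsigned int pc, bool irqs_off)
{
    return model_preemptible(pc, irqs_off);
}

/* Allowed through, yet unable to sleep: the sleeping local_lock would be
 * taken in atomic context, which is the reported BUG. */
bool sleeps_in_atomic(bool allowed, unsigned int pc, bool irqs_off)
{
    return allowed && !model_preemptible(pc, irqs_off);
}

int main(void)
{
    const struct { const char *name; unsigned int pc; bool irqs_off; } cases[] = {
        { "task context, preemptible",     0x00000000u, false },
        { "tracepoint, preempt_count = 2", 0x00000002u, false },
        { "hard IRQ",                      0x00010000u, true  },
        { "NMI",                           0x00110000u, true  },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        bool o = old_check_allows(cases[i].pc, cases[i].irqs_off);
        bool n = new_check_allows(cases[i].pc, cases[i].irqs_off);
        printf("%-32s old allows:%d bug:%d | new allows:%d bug:%d\n", cases[i].name,
               o, sleeps_in_atomic(o, cases[i].pc, cases[i].irqs_off),
               n, sleeps_in_atomic(n, cases[i].pc, cases[i].irqs_off));
    }
    return 0;
}
```

Only the preempt_count = 2 row differs: the old check lets it through to the sleeping lock, the new one rejects it before the lock is taken.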

Affected Systems

Affected systems include Linux kernel releases 6.19 and its release candidates (rc1–rc6) and any PREEMPT_RT-enabled kernel version before the patch is applied. The vulnerability is present in the generic Linux kernel and any derivative that incorporates the same kmalloc_nolock implementation without the fix.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of <1% implies a very low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. An attack likely requires local privileges or the ability to run BPF programs or trigger tracepoints, making it a local or privileged remote attack vector. While the impact is severe – a kernel crash – the narrow execution conditions and low exploitation likelihood reduce overall risk for most systems.

Generated by OpenCVE AI on April 18, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the kmalloc_nolock fix as soon as it becomes available
  • If upgrading immediately is not possible, disable the PREEMPT_RT kernel configuration or ensure that code paths that enable BPF tracepoint execution run with preemption enabled
  • Configure system logging to alert on "BUG: sleeping function called from invalid context" messages so that a crash can be detected and responded to promptly
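One way to implement the log check in the last item, as an added example that is not part of the advisory or of any OpenCVE tooling. The sample log is constructed from the three lines quoted in the description; the timestamps, the unrelated first line and the call-trace line are made up, and the struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one report; found is 1 only when both data lines parsed. */
struct splat {
    int found, in_atomic, irqs_disabled, non_block, pid;
    unsigned int preempt_count, expected;
    int mentions_kmalloc_nolock;   /* symbol appears after the report header */
};

/* Constructed sample: the description's three lines plus made-up context. */
static const char SAMPLE_LOG[] =
    "[  812.100001] usb 1-1: new high-speed USB device number 4\n"
    "[  845.204410] BUG: sleeping function called from invalid context\n"
    "[  845.204415] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6128\n"
    "[  845.204418] preempt_count: 2, expected: 0\n"
    "[  845.204431]  kmalloc_nolock+0x0/0x0\n";

/* Parse the first report in a NUL-terminated log buffer. */
struct splat parse_sleep_splat(const char *log)
{
    struct splat s = {0};
    const char *hdr = strstr(log, "BUG: sleeping function called from invalid context");
    const char *a = hdr ? strstr(hdr, "in_atomic(): ") : NULL;
    const char *c = hdr ? strstr(hdr, "preempt_count: ") : NULL;
    if (!a || !c)
        return s;
    if (sscanf(a, "in_atomic(): %d, irqs_disabled(): %d, non_block: %d, pid: %d",
               &s.in_atomic, &s.irqs_disabled, &s.non_block, &s.pid) != 4)
        return s;
    /* Read as hex on the assumption that the kernel prints these with %x. */
    if (sscanf(c, "preempt_count: %x, expected: %x", &s.preempt_count, &s.expected) != 2)
        return s;
    s.mentions_kmalloc_nolock = strstr(c, "kmalloc_nolock") != NULL;
    s.found = 1;
    return s;
}

/* The case described here: atomic because preemption is off, IRQs still on. */
int is_preempt_disabled_case(struct splat s)
{
    return s.found && s.in_atomic == 1 && s.irqs_disabled == 0 &&
           s.preempt_count > s.expected;
}

int main(void)
{
    struct splat s = parse_sleep_splat(SAMPLE_LOG);
    printf("found=%d pid=%d preempt_count=%x\n", s.found, s.pid, s.preempt_count);
    return 0;
}
```

The header line is generic to any sleep-in-atomic report, so an alert should require the `kmalloc_nolock` symbol in the trace before attributing it to this issue.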

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Tue, 17 Feb 2026 00:15:00 +0000


Sat, 14 Feb 2026 15:30:00 +0000

Type Values Removed Values Added
Title slab: fix kmalloc_nolock() context check for PREEMPT_RT
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-14T15:14:33.806Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23134

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-02-14T16:15:53.377

Modified: 2026-03-17T21:16:27.177

Link: CVE-2026-23134

Redhat

Severity : Moderate

Public Date: 2026-02-14T00:00:00Z

Links: CVE-2026-23134 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T12:30:45Z

Weaknesses