Description
In the Linux kernel, the following vulnerability has been resolved:

perf/core: Fix invalid wait context in ctx_sched_in()

Lockdep found a bug in the event scheduling when a pinned event was
failed and wakes up the threads in the ring buffer like below.

It seems it should not grab a wait-queue lock under perf-context lock.
Let's do it with irq_work.

[ 39.913691] =============================
[ 39.914157] [ BUG: Invalid wait context ]
[ 39.914623] 6.15.0-next-20250530-next-2025053 #1 Not tainted
[ 39.915271] -----------------------------
[ 39.915731] repro/837 is trying to lock:
[ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60
[ 39.917182] other info that might help us debug this:
[ 39.917761] context-{5:5}
[ 39.918079] 4 locks held by repro/837:
[ 39.918530] #0: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: __perf_event_task_sched_in+0xd1/0xbc0
[ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0
[ 39.920748] #2: ffff88800d91fc18 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1f9/0xbc0
[ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470
Published: 2026-03-25
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Kernel crash (Denial of Service)
Action: Immediate Patch
AI Analysis

Impact

The flaw lies in the Linux kernel's performance event scheduler. An invalid wait context arises when a pinned event fails and the scheduler wakes the threads waiting on the ring buffer, taking a wait-queue lock while the perf-context lock is held. This misuse of locking leads to a kernel panic and denial of service. The weakness is classified as CWE-413.

Affected Systems

The vulnerability affects any Linux kernel that contains the buggy perf/core implementation before the patch. The log excerpt indicates the issue appears in kernel 6.15.0-next-20250530-next. All Linux releases that have not yet applied the commit 486ff5ad49bc50315bcaf6d45f04a33ef0a45ced are potentially vulnerable. The vendor is the Linux kernel project.

Risk and Exploitability

The CVSS score of 5.5 signals moderate severity, while the EPSS score of less than 1% denotes a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting no public exploits are currently known. Attacking this flaw would likely require a local user or kernel module capable of creating a failing perf event; no clear remote exploitation path is documented.

Generated by OpenCVE AI on March 26, 2026 at 14:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a kernel version that includes the commit 486ff5ad49bc50315bcaf6d45f04a33ef0a45ced or the patched 6.15.0-next release.
  • Verify that the running kernel reports the patch commit hash.
  • If an upgrade cannot be performed immediately, disable or limit perf event pinning to avoid the failure condition that triggers the invalid wait context.
  • Monitor system logs for “Invalid wait context” messages to detect any occurrence.
  • Ensure kernel integrity by verifying signatures of loaded modules and by applying security hardening mitigations such as CONFIG_IRQ_WORK.
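
A log check for the "Invalid wait context" monitoring step above, as an added example that is not part of this page's source or of the kernel project: it parses lockdep reports out of kernel log text and flags those where `&event->waitq` is requested while `&ctx->lock` is held. The function names are hypothetical, and the sample input is an excerpt of the report quoted in the description.

```python
import re

# Excerpt of the lockdep report quoted in the description (some lines omitted).
SAMPLE = """\
[ 39.914157] [ BUG: Invalid wait context ]
[ 39.915731] repro/837 is trying to lock:
[ 39.916191] ffff88801acfabd8 (&event->waitq){....}-{3:3}, at: __wake_up+0x26/0x60
[ 39.918079] 4 locks held by repro/837:
[ 39.918530] #0: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: __perf_event_task_sched_in+0xd1/0xbc0
[ 39.919612] #1: ffff88806ca3c6f8 (&cpuctx_lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1a7/0xbc0
[ 39.920748] #2: ffff88800d91fc18 (&ctx->lock){....}-{2:2}, at: __perf_event_task_sched_in+0x1f9/0xbc0
[ 39.921819] #3: ffffffff8725cd00 (rcu_read_lock){....}-{1:3}, at: perf_event_wakeup+0x6c/0x470
"""

# One lock line: optional "#N: " (held lock), address, (name){usage}-{wait types}, at: func+off
LOCK = re.compile(
    r"(?P<held>#\d+: )?[0-9a-f]{16} \((?P<name>[^)]+)\)\{[^}]*\}-\{(?P<wait>\d+:\d+)\}"
    r", at: (?P<func>[\w.]+)\+"
)

def parse_reports(text):
    """Return one dict per 'Invalid wait context' report found in kernel log text."""
    reports, cur = [], None
    for line in text.splitlines():
        if "BUG: Invalid wait context" in line:
            cur = {"target": None, "held": []}
            reports.append(cur)
            continue
        m = LOCK.search(line)
        if cur is None or m is None:
            continue  # not inside a report, or not a lock line
        entry = {"name": m["name"], "wait": m["wait"], "func": m["func"]}
        if m["held"]:
            cur["held"].append(entry)
        elif cur["target"] is None:
            cur["target"] = entry  # the lock the task "is trying to lock"
    return reports

def is_perf_waitq_report(report):
    """True for the pattern on this page: &event->waitq wanted while &ctx->lock is held."""
    target = report["target"]
    held = {h["name"] for h in report["held"]}
    return bool(target) and target["name"] == "&event->waitq" and "&ctx->lock" in held

if __name__ == "__main__":
    for r in parse_reports(SAMPLE):
        print(r["target"], [h["name"] for h in r["held"]], is_perf_waitq_report(r))
```

These reports are only emitted by kernels built with lockdep enabled, so an empty result on a production kernel does not show that the kernel is patched.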


Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-420

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
CWE-420

Wed, 25 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Title perf/core: Fix invalid wait context in ctx_sched_in()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:04:25.774Z

Reserved: 2026-01-13T15:37:45.994Z

Link: CVE-2026-23311

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:27.327

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-23311

Redhat

Severity : Low

Public Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23311 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:49:57Z

Weaknesses