Description
In the Linux kernel, the following vulnerability has been resolved:

net/rds: Fix circular locking dependency in rds_tcp_tune

syzbot reported a circular locking dependency in rds_tcp_tune() where
sk_net_refcnt_upgrade() is called while holding the socket lock:

======================================================
WARNING: possible circular locking dependency detected
======================================================
kworker/u10:8/15040 is trying to acquire lock:
ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},
at: __kmalloc_cache_noprof+0x4b/0x6f0

but task is already holding lock:
ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},
at: rds_tcp_tune+0xd7/0x930

The issue occurs because sk_net_refcnt_upgrade() performs memory
allocation (via get_net_track() -> ref_tracker_alloc()) while the
socket lock is held, creating a circular dependency with fs_reclaim.

Fix this by moving sk_net_refcnt_upgrade() outside the socket lock
critical section. This is safe because the fields modified by the
sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not
accessed by any concurrent code path at this point.

v2:
- Corrected fixes tag
- check patch line wrap nits
- ai commentary nits
Published: 2026-04-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential deadlock causing denial of service in Linux kernel RDS TCP module
Action: Apply Patch
AI Analysis

Impact

A circular locking dependency exists in the RDS TCP implementation of the Linux kernel. The function sk_net_refcnt_upgrade() allocates memory while holding the socket lock, creating a situation where the task can be stalled by another lock, leading to a deadlock. This weakness, classified as CWE-833, can result in a denial‑of‑service condition if the lock order is repeatedly violated.

Affected Systems

All Linux kernel distributions before the commit that introduced the lock fix are affected. The issue has been reported for both the generic Linux kernel and the Linux kernel for Linux-based systems. No specific version range is listed, so any kernel version that has not yet merged the patch is vulnerable.

Risk and Exploitability

The vulnerability carries a score of 5.5, indicating a moderate severity level. The estimated probability of exploitation is less than 1 percent, and it is not currently listed in the known exploited vulnerabilities catalog. The attack is inferred to require traffic that triggers rds_tcp_tune, so it is limited to scenarios where the RDS protocol is in use. While the risk is moderate, it primarily concerns availability rather than confidentiality or integrity.

Generated by OpenCVE AI on April 7, 2026 at 09:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel update that includes the rds_tcp_tune lock fix
  • If updating is not immediately possible, disable the RDS protocol or related services to prevent the lock condition
  • Monitor system logs for lock contention or deadlock warnings and address any anomalies promptly

Generated by OpenCVE AI on April 7, 2026 at 09:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Sat, 04 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 03 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_net_refcnt_upgrade() is called while holding the socket lock: ====================================================== WARNING: possible circular locking dependency detected ====================================================== kworker/u10:8/15040 is trying to acquire lock: ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc_cache_noprof+0x4b/0x6f0 but task is already holding lock: ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: rds_tcp_tune+0xd7/0x930 The issue occurs because sk_net_refcnt_upgrade() performs memory allocation (via get_net_track() -> ref_tracker_alloc()) while the socket lock is held, creating a circular dependency with fs_reclaim. Fix this by moving sk_net_refcnt_upgrade() outside the socket lock critical section. This is safe because the fields modified by the sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not accessed by any concurrent code path at this point. v2: - Corrected fixes tag - check patch line wrap nits - ai commentary nits
Title net/rds: Fix circular locking dependency in rds_tcp_tune
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T13:24:23.958Z

Reserved: 2026-01-13T15:37:46.014Z

Link: CVE-2026-23419

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-03T14:16:27.843

Modified: 2026-04-03T16:10:23.730

Link: CVE-2026-23419

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23419 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:54:17Z

Weaknesses