Description
In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback

SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using
smp_cond_load_acquire() until the target CPU's kick_sync advances. Because
the irq_work runs in hardirq context, the waiting CPU cannot reschedule and
its own kick_sync never advances. If multiple CPUs form a wait cycle, all
CPUs deadlock.

Replace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to
force the CPU through do_pick_task_scx(), which queues a balance callback
to perform the wait. The balance callback drops the rq lock and enables
IRQs following the sched_core_balance() pattern, so the CPU can process
IPIs while waiting. The local CPU's kick_sync is advanced on entry to
do_pick_task_scx() and continuously during the wait, ensuring any CPU that
starts waiting for us sees the advancement and cannot form cyclic
dependencies.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SCX_KICK_WAIT routine in the Linux scheduler module busy‑waits in hardirq context while awaiting a kick_sync variable. Because the CPU cannot reschedule during this wait, its own kick_sync never advances, and when multiple CPUs form a wait cycle each stalls. This results in a deadlock that immobilizes the CPU pool, effectively halting system operation. The flaw is a classic race condition that leads to a kernel lock‑up, a severe denial of service scenario. The issue was addressed by replacing the tight loop with a rescheduling call and deferring the wait to a balance callback.

Affected Systems

This vulnerability exists in all Linux kernel releases that contain the original SCX_KICK_WAIT implementation. No version numbers are specified in the CVE data; the fixes are introduced in commits 415cb193 and c3a7903f. Any kernel built from or after these commits is considered safe. Administrators should verify that their running kernel incorporates these commits before relying on the resolution.

Risk and Exploitability

The deadlock can be triggered by the kernel's internal scheduling logic and does not require an external payload. No publicly documented exploits exist, and the EPSS score is unavailable. The vulnerability is not listed in CISA’s KEV catalog. Because the flaw can bring all CPU cores to a halt, it poses a significant risk if present. Patching is recommended as soon as practicable, especially on systems that run untrusted or privileged code close to the kernel.

Generated by OpenCVE AI on May 8, 2026 at 19:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the SCX_KICK_WAIT fix, such as the kernel builds that contain commits 415cb193 or c3a7903f.
  • If an official distribution package is not yet available, backport the commits into your kernel source and rebuild the kernel.
  • Reboot the system to activate the updated scheduler code and confirm that the kernel is running the patched version.

Generated by OpenCVE AI on May 8, 2026 at 19:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because the irq_work runs in hardirq context, the waiting CPU cannot reschedule and its own kick_sync never advances. If multiple CPUs form a wait cycle, all CPUs deadlock. Replace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to force the CPU through do_pick_task_scx(), which queues a balance callback to perform the wait. The balance callback drops the rq lock and enables IRQs following the sched_core_balance() pattern, so the CPU can process IPIs while waiting. The local CPU's kick_sync is advanced on entry to do_pick_task_scx() and continuously during the wait, ensuring any CPU that starts waiting for us sees the advancement and cannot form cyclic dependencies.
Title sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T13:31:10.184Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43326

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T14:16:42.133

Modified: 2026-05-08T14:16:42.133

Link: CVE-2026-43326

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T21:00:09Z

Weaknesses