CVE-2026-43482 - Vulnerability Details

- sched_ext: Disable preemption between scx_claim_exit() and kicking helper work

Description

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Disable preemption between scx_claim_exit() and kicking helper work

scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from
triggering further error handling. After claiming exit, the caller must kick
the helper kthread work which initiates bypass mode and teardown.

If the calling task gets preempted between claiming exit and kicking the
helper work, and the BPF scheduler fails to schedule it back (since error
handling is now disabled), the helper work is never queued, bypass mode
never activates, tasks stop being dispatched, and the system wedges.

Disable preemption across scx_claim_exit() and the subsequent work kicking
in all callers - scx_disable() and scx_vexit(). Add
lockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the
requirement.

Published: 2026-05-13

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from the Linux kernel failing to disable preemption between the scx_claim_exit() call and the subsequent kicking of a helper kthread, exposing a scheduling race condition (CWE-368). When a task is preempted in that narrow window, the BPF scheduler may fail to reschedule it, resulting in the helper work never being queued. Without the helper, bypass mode is never activated and tasks stop being dispatched, causing the system to wedge.

Affected Systems

All Linux kernel installations that have not applied the patch which adds preemption disabling around scx_claim_exit() and the subsequent work kicking are vulnerable. The fix is applied to the upstream kernel via a commit that enforces preemption suppression across scx_claim_exit(), scx_disable(), and scx_vexit(). Use the vendor’s security advisories or kernel changelogs to verify whether your kernel version includes this commit.

Risk and Exploitability

The CVSS score is not provided and the EPSS score is < 1%, indicating a very low probability of exploitation. However, because the flaw leads to a full kernel lockup and requires a specific timing condition involving preemption and BPF scheduling, exploitation remains possible but unlikely, and the impact if successful would be catastrophic.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`f0e1a0643a59bf1f922fa209cec86a170b784f3f`	affected	< 41423912f7ac7494ccd6eef411227b4efce740e0
`f0e1a0643a59bf1f922fa209cec86a170b784f3f`	affected	< 522acaae34aa7e05859260056b39c7c030592a0c
`f0e1a0643a59bf1f922fa209cec86a170b784f3f`	affected	< 5131dbec2c10961b34f844bc30b400c3fa0bcc72
`f0e1a0643a59bf1f922fa209cec86a170b784f3f`	affected	< 83236b2e43dba00bee5b82eb5758816b1a674f6a

Linux

affected

Version	Status	Constraints
`6.12`	affected	—
`0`	unaffected	< 6.12
`6.12.78`	unaffected	≤ 6.12.*
`6.18.20`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[f0e1a0643a59bf1f922fa209cec86a170b784f3f,41423912f7ac7494ccd6eef411227b4efce740e0)`	affected	code_commit	—
`[f0e1a0643a59bf1f922fa209cec86a170b784f3f,522acaae34aa7e05859260056b39c7c030592a0c)`	affected	code_commit	—
`[f0e1a0643a59bf1f922fa209cec86a170b784f3f,5131dbec2c10961b34f844bc30b400c3fa0bcc72)`	affected	code_commit	—
`[f0e1a0643a59bf1f922fa209cec86a170b784f3f,83236b2e43dba00bee5b82eb5758816b1a674f6a)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.12`	affected	semver	—
`[0,6.12)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.20,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the linux kernel to a version that contains the patch disabling preemption across scx_claim_exit() and the helper scheduling calls.
Reboot the system after installing the patch to ensure the changes take effect.
Schedule a maintenance window to apply the patch and reboot, minimizing disruption to services.

Generated by OpenCVE AI on May 14, 2026 at 15:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00023.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/41423912f7ac7494ccd6eef411227b4efce740e0
https://git.kernel.org/stable/c/5131dbec2c10961b34f844bc30b400c3fa0bcc72
https://git.kernel.org/stable/c/522acaae34aa7e05859260056b39c7c030592a0c
https://git.kernel.org/stable/c/83236b2e43dba00bee5b82eb5758816b1a674f6a
https://lore.kernel.org/linux-cve-announce/2026051348-CVE-2026-43482-8a3e@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43482
https://www.cve.org/CVERecord?id=CVE-2026-43482

History

Thu, 14 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-362 CWE-400

Thu, 14 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-368
References		https://lore.kernel.org/linux-cve-announce/2026051348-CVE-2026-43482-8a3e@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43482 https://www.cve.org/CVERecord?id=CVE-2026-43482

Wed, 13 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362 CWE-400

Wed, 13 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper kthread work which initiates bypass mode and teardown. If the calling task gets preempted between claiming exit and kicking the helper work, and the BPF scheduler fails to schedule it back (since error handling is now disabled), the helper work is never queued, bypass mode never activates, tasks stop being dispatched, and the system wedges. Disable preemption across scx_claim_exit() and the subsequent work kicking in all callers - scx_disable() and scx_vexit(). Add lockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the requirement.
Title		sched_ext: Disable preemption between scx_claim_exit() and kicking helper work
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/41423912f7ac7494ccd6eef411227b4efce740e0 https://git.kernel.org/stable/c/5131dbec2c10961b34f844bc30b400c3fa0bcc72 https://git.kernel.org/stable/c/522acaae34aa7e05859260056b39c7c030592a0c https://git.kernel.org/stable/c/83236b2e43dba00bee5b82eb5758816b1a674f6a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-13T15:08:29.739Z

Updated: 2026-05-13T15:08:29.739Z

Reserved: 2026-05-01T14:12:56.012Z

Link: CVE-2026-43482

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:51.390

Modified: 2026-05-22T16:33:17.283

Link: CVE-2026-43482

Redhat

Severity :

Publid Date: 2026-05-13T00:00:00Z

Links: CVE-2026-43482 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-14T16:00:15Z

Weaknesses

CWE-368

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object