Description
In the Linux kernel, the following vulnerability has been resolved:

openvswitch: vport: fix self-deadlock on release of tunnel ports

vports are used concurrently and protected by RCU, so netdev_put()
must happen after the RCU grace period. So, either in an RCU call or
after the synchronize_net(). The rtnl_delete_link() must happen under
RTNL and so can't be executed in RCU context. Calling synchronize_net()
while holding RTNL is not a good idea for performance and system
stability under load in general, so calling netdev_put() in RCU call
is the right solution here.

However, when the device is deleted, rtnl_unlock() will call netdev_run_todo()
and block until all the references are gone. In the current code this
means that we never reach the call_rcu() and the vport is never freed
and the reference is never released, causing a self-deadlock on device
removal.

Fix that by moving the rcu_call() before the rtnl_unlock(), so the
scheduled RCU callback will be executed when synchronize_net() is
called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself
is already released.
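
The ordering problem described above, reduced to a single-threaded model. This is an added example, not code from the kernel or from the patch. struct sim and every model_* function are hypothetical stand-ins for the kernel calls named in the description.

```c
/* Simplified model of the teardown ordering; not kernel code, names hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct sim {
    int  dev_refs;     /* references held on the tunnel net device     */
    bool rcu_queued;   /* vport-free callback queued, not yet executed */
    bool vport_freed;
};

/* RCU callback: frees the vport and drops its device reference
 * (stands in for the netdev_put() done from the RCU call). */
static void model_vport_free_rcu(struct sim *s) { s->dev_refs--; s->vport_freed = true; }

/* Stands in for call_rcu(): queues the callback, never runs it inline. */
static void model_call_rcu(struct sim *s) { s->rcu_queued = true; }

/* Stands in for rtnl_unlock() -> netdev_run_todo(): queued callbacks run, then it
 * waits for all references. Returns false where the real code would block forever. */
static bool model_rtnl_unlock(struct sim *s)
{
    if (s->rcu_queued) {
        s->rcu_queued = false;
        model_vport_free_rcu(s);
    }
    return s->dev_refs == 0;
}

/* Tear down one tunnel vport; fixed == false is the pre-fix ordering. */
static bool model_destroy_tunnel_vport(bool fixed, struct sim *s)
{
    *s = (struct sim){ .dev_refs = 1 };  /* the vport holds one reference */
    /* rtnl_lock(); rtnl_delete_link(): device is queued for unregistration */
    if (fixed)
        model_call_rcu(s);               /* queued before the unlock */
    if (!model_rtnl_unlock(s))
        return false;                    /* stuck: call_rcu() is never reached */
    if (!fixed)
        model_call_rcu(s);               /* pre-fix position, after the unlock */
    return true;
}

int main(void)
{
    struct sim a, b;
    printf("pre-fix completes: %d\n", model_destroy_tunnel_vport(false, &a));
    printf("fixed completes:   %d\n", model_destroy_tunnel_vport(true, &b));
    return 0;
}
```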
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A concurrency bug in the Linux kernel's openvswitch virtual port implementation causes a self-deadlock when a tunnel port device is removed. Device removal blocks in rtnl_unlock() -> netdev_run_todo() until every reference to the device is gone, but the RCU callback that frees the vport and releases its reference is only scheduled after that call returns, so it is never scheduled. The result is a permanent block and a resource leak. If an administrator attempts to delete such a device, the kernel may hang, disrupting networking and related services.

Affected Systems

The vulnerability exists in the Linux kernel’s openvswitch vport code. All distributions running an unpatched kernel that use tunnel or virtual ports are affected; the fix is present in kernel commits cited in the advisory but no specific version range is listed.

Risk and Exploitability

The CVSS score is 5.5 and the EPSS score is < 1%, indicating a low to moderate likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The issue results in availability loss rather than a direct compromise. Exploitation requires the ability to delete a tunnel port device, a privilege normally reserved for users with network configuration rights or root access. Consequently the risk is moderate for systems relying on continuous networking uptime when local privileged access is present.

Generated by OpenCVE AI on June 11, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the self‑deadlock fix. The fix has been committed in recent kernel releases; installing a patch or upgrading to a newer kernel will resolve the issue.
  • Ensure that tunnel port removal operations are performed only after confirming the system is using a patched kernel; avoid deleting ports during peak load to reduce the chance of deadlock occurrence.
  • Validate that any custom kernel modules or third‑party networking patches are compatible with the updated openvswitch vport implementation to prevent regressions or additional deadlock scenarios.

Generated by OpenCVE AI on June 11, 2026 at 00:21 UTC.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*

Mon, 01 Jun 2026 17:00:00 +0000


Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-665

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdev_put() must happen after the RCU grace period. So, either in an RCU call or after the synchronize_net(). The rtnl_delete_link() must happen under RTNL and so can't be executed in RCU context. Calling synchronize_net() while holding RTNL is not a good idea for performance and system stability under load in general, so calling netdev_put() in RCU call is the right solution here. However, when the device is deleted, rtnl_unlock() will call netdev_run_todo() and block until all the references are gone. In the current code this means that we never reach the call_rcu() and the vport is never freed and the reference is never released, causing a self-deadlock on device removal. Fix that by moving the rcu_call() before the rtnl_unlock(), so the scheduled RCU callback will be executed when synchronize_net() is called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself is already released.
Title openvswitch: vport: fix self-deadlock on release of tunnel ports
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:59:29.913Z

Reserved: 2026-05-13T15:03:33.102Z

Link: CVE-2026-46165

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-28T10:16:32.143

Modified: 2026-06-10T21:14:22.300

Link: CVE-2026-46165

Redhat

Severity: Low

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46165 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-11T00:30:45Z

Weaknesses