Description
In the Linux kernel, the following vulnerability has been resolved:

padata: Put CPU offline callback in ONLINE section to allow failure

syzbot reported the following warning:

DEAD callback error for CPU1
WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614

at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux")
which tglx traced to padata_cpu_dead() given it's the only
sub-CPUHP_TEARDOWN_CPU callback that returns an error.

Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU
so move the CPU offline callback to the ONLINE section where failure is
possible.
Published: 2026-06-26
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Linux kernel’s CPU hotplug code. During a CPU offline operation a callback that is only allowed to fail in the ONLINE phase was mistakenly registered in the OFFLINE teardown. When a CPU is taken offline, this callback may return an error, causing the kernel to emit a DEAD callback warning and potentially stall the hotplug sequence. This failure does not grant code execution or data access but can force a system reboot or service interruption, resulting in a denial of service.

Affected Systems

Linux kernels that include the affected code path before commit 4ae12d8bd9a8 are vulnerable. The patch that moves the offending callback to the ONLINE section was introduced in that commit and is preserved in subsequent updates. Kernels compiled or distributed prior to that commit remain at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity, and the EPSS score of less than 1 % shows a very low likelihood of exploitation in the wild. The flaw is only exploitable when an attacker can perform privileged CPU hotplug operations, which requires local kernel access. A local attacker could trigger the callback to provoke a DEAD warning, potentially causing a kernel failure that requires a reboot, but cannot gain arbitrary code execution or access privileged data.

Generated by OpenCVE AI on June 30, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains commit 4ae12d8bd9a8 or later, which corrects the callback registration.
  • If an upgrade is not immediately possible, temporarily disable CPU hotplug for the affected CPUs by setting the kernel parameter hotplug=off or by removing the relevant entry in sysfs so the faulty callback path is never exercised.
  • Configure system logging or monitoring solutions to alert on DEAD callback warnings so that a potential kernel hang can be detected and the host can be rebooted or hotplug operations halted promptly.

Generated by OpenCVE AI on June 30, 2026 at 04:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Tue, 30 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-754

Tue, 30 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-745

Tue, 30 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Fri, 26 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-745

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614 at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error. Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible.
Title padata: Put CPU offline callback in ONLINE section to allow failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:07.447Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53314

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53314 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T04:30:04Z

Weaknesses
  • CWE-754

    Improper Check for Unusual or Exceptional Conditions