CVE-2026-43285
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/slab: do not access current->mems_allowed_seq if !allow_spin
Lockdep complains when get_from_any_partial() is called in an NMI context, because current->mems_allowed_seq is seqcount_spinlock_t and not NMI-safe:
================================ WARNING: inconsistent lock state 6.19.0-rc5-kfree-rcu+ #315 Tainted: G N
inconsistent {INITIAL USE} -> {IN-NMI} usage. kunit_try_catch/9989 [HC1[1]:SC0[0]:HE0:SE1] takes: ffff889085799820 (&____s->seqcount#3){.-.-}-{0:0}, at: ___slab_alloc+0x58f/0xc00 {INITIAL USE} state was registered at: lock_acquire+0x185/0x320 kernel_init_freeable+0x391/0x1150 kernel_init+0x1f/0x220 ret_from_fork+0x736/0x8f0 ret_from_fork_asm+0x1a/0x30 irq event stamp: 56 hardirqs last enabled at (55): [<ffffffff850a68d7>] _raw_spin_unlock_irq+0x27/0x70 hardirqs last disabled at (56): [<ffffffff850858ca>] __schedule+0x2a8a/0x6630 softirqs last enabled at (0): [<ffffffff81536711>] copy_process+0x1dc1/0x6a10 softirqs last disabled at (0): [<0000000000000000>] 0x0
other info that might help us debug this: Possible unsafe locking scenario:
CPU0
----
lock(&____s->seqcount#3);
<Interrupt>
lock(&____s->seqcount#3);
*** DEADLOCK ***
According to Documentation/locking/seqlock.rst, seqcount_t is not NMI-safe and seqcount_latch_t should be used when read path can interrupt the write-side critical section. In this case, do not access current->mems_allowed_seq and avoid retry.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | af92793e52c3a99b828ed4bdd277fd3e11c18d08 < 353dd9934447b9193643ae1afd938607a74d4915 | affected |
| Linux | Linux | af92793e52c3a99b828ed4bdd277fd3e11c18d08 < efd767ddcef0669bbd33c6a823ea0a88f06d4b29 | affected |
| Linux | Linux | af92793e52c3a99b828ed4bdd277fd3e11c18d08 < 144080a5823b2dbd635acb6decf7ab23182664f3 | affected |
| Linux | Linux | 6.18 | affected |
| Linux | Linux | 0 < 6.18 | unaffected |
| Linux | Linux | 6.18.16 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.6 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/353dd9934447b9193643ae1afd938607a74d4915
- https://git.kernel.org/stable/c/efd767ddcef0669bbd33c6a823ea0a88f06d4b29
- https://git.kernel.org/stable/c/144080a5823b2dbd635acb6decf7ab23182664f3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.