CVE-2026-43292
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node
When CONFIG_PAGE_OWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large purge_list without rescheduling can cause the task to hold CPU for extended periods (10+ seconds), leading to RCU stalls and potential OOM conditions.
The issue manifests in purge_vmap_node() -> kasan_release_vmalloc_node() where iterating through hundreds or thousands of vmap_area entries and freeing their associated shadow pages causes:
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6229/1:b..l … task:kworker/0:17 state:R running task stack:28840 pid:6229 … kasan_release_vmalloc_node+0x1ba/0xad0 mm/vmalloc.c:2299 purge_vmap_node+0x1ba/0xad0 mm/vmalloc.c:2299
Each call to kasan_release_vmalloc() can free many pages, and with page_owner tracking, each free triggers save_stack() which performs stack unwinding under RCU read lock. Without yielding, this creates an unbounded RCU critical section.
Add periodic cond_resched() calls within the loop to allow:
- RCU grace periods to complete
- Other tasks to run
- Scheduler to preempt when needed
The fix uses need_resched() for immediate response under load, with a batch count of 32 as a guaranteed upper bound to prevent worst-case stalls even under light load.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 282631cb2447318e2a55b41a665dbe8571c46d70 < 2efa9c02c9b4c0d6866aa445f11056809b25ca28 | affected |
| Linux | Linux | 282631cb2447318e2a55b41a665dbe8571c46d70 < 1afe45f89d54b7183768ebbbbf14238ec187ab5c | affected |
| Linux | Linux | 282631cb2447318e2a55b41a665dbe8571c46d70 < b351fbe71091f7c8676c8ba597653d08b6719447 | affected |
| Linux | Linux | 282631cb2447318e2a55b41a665dbe8571c46d70 < 5747435e0fd474c24530ef1a6822f47e7d264b27 | affected |
| Linux | Linux | 6.9 | affected |
| Linux | Linux | 0 < 6.9 | unaffected |
| Linux | Linux | 6.12.75 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.16 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.6 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/2efa9c02c9b4c0d6866aa445f11056809b25ca28
- https://git.kernel.org/stable/c/1afe45f89d54b7183768ebbbbf14238ec187ab5c
- https://git.kernel.org/stable/c/b351fbe71091f7c8676c8ba597653d08b6719447
- https://git.kernel.org/stable/c/5747435e0fd474c24530ef1a6822f47e7d264b27
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.