CVE-2026-53314

Summary

In the Linux kernel, the following vulnerability has been resolved:

padata: Put CPU offline callback in ONLINE section to allow failure

syzbot reported the following warning:

DEAD callback error for CPU1
WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614

at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error.

Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux894c9ef9780c5cf2f143415e867ee39a33ecb75d < 65dae8b34f0810f3fa9f77c4c63650cd20820693affected
LinuxLinux894c9ef9780c5cf2f143415e867ee39a33ecb75d < a6d44f477000c6352de6b05e9e276e62083e5fbfaffected
LinuxLinux894c9ef9780c5cf2f143415e867ee39a33ecb75d < 3e6c08dd97dcd22a00aee469e0adfa819071d80eaffected
LinuxLinux894c9ef9780c5cf2f143415e867ee39a33ecb75d < 5a9f29a3e076b637d2234093e57989cf755ded5baffected
LinuxLinux894c9ef9780c5cf2f143415e867ee39a33ecb75d < 9afe53f14a2aae8c4beb30e5ea51641a34f1a3d3affected
LinuxLinux894c9ef9780c5cf2f143415e867ee39a33ecb75d < c8c4a2972f83c8b68ff03b43cecdb898939ff851affected
LinuxLinux2b1207801c393a5e9af2fbac2dd8b0377d8ae63aaffected
LinuxLinux0685dfa0a2ff7635c0b64f7b7f0fafbf1c3e0c14affected
LinuxLinux3f4d3d010477365ee1aefedc3ad52563740b777eaffected
LinuxLinux4.19.202 < 4.20affected
LinuxLinux5.4.22 < 5.5affected
LinuxLinux5.5.6 < 5.6affected
LinuxLinux5.6affected
LinuxLinux0 < 5.6unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.141 <= 6.6.*unaffected
LinuxLinux6.12.91 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References