PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43385 Git CVE debrief

CVE-2026-43385 describes a Linux kernel networking issue where threaded busypoll can prevent rcu_tasks from making progress, leading to stalls and hangs. The supplied report says the problem can show up as delayed or stuck rcu_tasks grace periods and task stall warnings, with user-space tooling such as bpftrace hanging on startup. The available corpus indicates the issue is fixed by kernel changes referenced by official stable commit links. The impact is availability-only: NVD rates it High, with no confidentiality or integrity impact in the provided CVSS vector.

Vendor
Git
Product
Unknown
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-11
Advisory published
2026-05-08
Advisory updated
2026-05-11

Who should care

Linux kernel maintainers, distribution security teams, and operators running networking workloads that use threaded busypoll or threaded NAPI polling, especially where kernel stalls would affect service availability.

Technical summary

According to the supplied description, threaded busypoll places the main loop in napi_threaded_poll rather than napi_threaded_poll_loop. That matters because rcu_softirq_qs_periodic depends on observing a quiescent-state timestamp that is not reliably preserved across loop invocations in this mode. The report states that napi_threaded_poll_loop rarely iterates more than once under threaded busypoll, and that last_qs is reset to the latest jiffies on each call, preventing the needed 100 ms delay needed for rcu_tasks progress reporting. The described fix saves last_qs in the outer napi_threaded_poll path and uses whether busy_poll_last_qs is NULL to distinguish busypoll handling, so the timestamp is not reset on every loop entry.

Defensive priority

High. This is a kernel availability issue with no UI or privileges required in the NVD vector, and it can create persistent stalls in affected networking paths, so systems using threaded busypoll should be updated promptly.

Recommended defensive actions

  • Apply the kernel updates or backports that include the referenced fixes from the official stable kernel links.
  • Prioritize systems that enable threaded busypoll, threaded NAPI polling, or related high-throughput NIC configurations.
  • Monitor for rcu_tasks stall warnings, repeated grace-period delay messages, and hangs in networking-related tools or workloads.
  • Verify your distribution's kernel changelog or security advisory to confirm the fix is present in your exact build.

Evidence notes

This debrief is based only on the supplied CVE description, the NVD record, and the official kernel.org stable commit references. The corpus supports a Linux kernel networking availability issue involving threaded busypoll and rcu_tasks stalls, but it does not provide affected version ranges or broader exploitation evidence.

Official resources

CVE published 2026-05-08 and modified 2026-05-11. NVD lists the issue as received and assigns a High severity CVSS 3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, with official kernel.org stable commit links referenced for the fix.