PatchSiren cyber security CVE debrief
CVE-2026-43468 Linux CVE debrief
CVE-2026-43468 is a Linux kernel issue in the mlx5 driver’s eswitch/devlink path where a workqueue handler could deadlock with the devlink lock during eswitch mode changes. The upstream fix removes the problematic workqueue flush, adds a generation counter to ignore stale work, and defers final draining to cleanup. The practical result is a local denial-of-service risk from kernel lockup rather than a confidentiality or integrity issue.
- Vendor: Linux
- Product: Unknown
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-08
- Original CVE updated: 2026-05-21
- Advisory published: 2026-05-08
- Advisory updated: 2026-05-21
Who should care
Linux kernel maintainers, distro security teams, and operators running mlx5-based networking features with devlink/eswitch management should prioritize this advisory, especially in environments that allow local privileged access to network configuration paths.
Technical summary
The vulnerable path is described as esw->work_queue running esw_functions_changed_event_handler -> esw_vfs_changed_event_handler, which acquires the devlink lock. A concurrent .eswitch_mode_set path acquires the devlink lock via devlink_nl_pre_doit, then proceeds through mlx5_devlink_eswitch_mode_set -> mlx5_eswitch_disable_locked -> mlx5_eswitch_event_handler_unregister -> flush_workqueue. If the handler is executing at the same time, the flush waits for a handler that is itself waiting for the devlink lock held by the flushing thread, so neither side can make progress. The fix replaces that flush-based synchronization with a generation counter: unregister increments the counter, the scheduled work captures the generation, and the handler bails if the current generation no longer matches. Final draining is moved to mlx5_eswitch_cleanup, before the workqueue is destroyed.
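The generation-counter pattern described above, as an added userspace C model (not the mlx5 driver code or the upstream patch). The struct layouts, the `*_model` function names and the `vf_updates` field are hypothetical stand-ins.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the pattern; every name here is hypothetical. */
struct esw_model {
    atomic_uint generation; /* bumped by unregister to invalidate queued work */
    int vf_updates;         /* stands in for state the handler would change */
};

struct work_item {
    struct esw_model *esw;
    unsigned int gen;       /* generation captured when the work was scheduled */
};

/* Scheduling snapshots the current generation into the work item. */
static struct work_item schedule_work_model(struct esw_model *esw)
{
    struct work_item w = { .esw = esw, .gen = atomic_load(&esw->generation) };
    return w;
}

/* Unregister only bumps the counter. It never waits for the handler, so a
 * caller that holds the devlink lock cannot block on work needing that lock. */
static void unregister_model(struct esw_model *esw)
{
    atomic_fetch_add(&esw->generation, 1);
}

/* Handler: true if it applied the update, false if it bailed as stale. */
static bool handler_model(struct work_item *w)
{
    if (w->gen != atomic_load(&w->esw->generation))
        return false;
    w->esw->vf_updates++;
    return true;
}

int main(void)
{
    struct esw_model esw = { .vf_updates = 0 };
    struct work_item old = schedule_work_model(&esw); /* queued before mode change */
    unregister_model(&esw);                           /* mode change, no flush */
    bool ran_old = handler_model(&old);               /* stale work runs late */
    struct work_item fresh = schedule_work_model(&esw);
    bool ran_fresh = handler_model(&fresh);
    printf("stale ran: %d, fresh ran: %d, updates: %d\n", ran_old, ran_fresh, esw.vf_updates);
    return 0;
}
```

The model leaves out the final drain, which the fix moves to mlx5_eswitch_cleanup before the workqueue is destroyed.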
Defensive priority
High for affected kernels and deployments using mlx5 eswitch/devlink features, because the impact is a kernel-level hang/deadlock with availability loss. The CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Recommended defensive actions
- Apply the upstream/stable kernel fixes referenced in the official patch links.
- Upgrade to a kernel release that includes the backported fix; NVD marks affected ranges ending before 6.1.167, 6.6.130, 6.12.78, 6.18.19, and 6.19.9, plus 7.0 RC builds listed in the record.
- If immediate patching is not possible, restrict local access to devlink/eswitch management paths to trusted administrators only.
- Monitor affected hosts for kernel hangs or networking management stalls during eswitch mode changes.
- Track vendor or distribution advisories for backport status, since the fix is in Linux stable patch streams.
Evidence notes
The CVE description states the deadlock occurs between devlink lock acquisition and esw->wq workqueue handling in mlx5, and that the fix uses a generation counter instead of flushing the workqueue. NVD classifies the issue as CWE-667 and CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. NVD’s analyzed record lists patch references on git.kernel.org and version bounds for affected Linux kernel releases.
Official resources
- CVE-2026-43468 CVE record (CVE.org)
- CVE-2026-43468 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
CVE published by the source record on 2026-05-08T15:16:59.830Z and modified on 2026-05-21T15:00:34.340Z. The available patch references indicate the issue was publicly fixed in Linux stable/kernel git references.