PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43475 Linux CVE debrief

CVE-2026-43475 affects the Linux kernel storvsc path used by Hyper-V guests. On PREEMPT_RT kernels, the issue can trigger a "scheduling while atomic" warning and a lock-up during storage I/O, creating an availability problem rather than a confidentiality or integrity issue. NVD rates the CVE CVSS 5.5/Medium with low-privilege local attack conditions and high availability impact.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-21
Advisory published
2026-05-08
Advisory updated
2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators of Hyper-V guests that run PREEMPT_RT or RT-enabled kernels, especially where storage I/O is sensitive to hangs or lockups.

Technical summary

The CVE description says the storvsc SCSI driver was fixed to address scheduling while atomic on PREEMPT_RT. The provided crash trace shows the failure path involving storvsc_queuecommand, hv_ringbuffer_write, vmbus_sendpacket_mpb_desc, and rt_spin_lock, ending in a kernel splat and lock-up while handling storage activity on Hyper-V. NVD marks multiple kernel branches vulnerable up to the listed fixed release boundaries, indicating the problem spans several maintained kernel lines.

Defensive priority

Medium. Prioritize if you run Linux guests on Hyper-V with PREEMPT_RT or otherwise RT-sensitive kernels; the impact is service disruption and potential guest hangs.

Recommended defensive actions

  • Apply the kernel update or backport that includes the storvsc PREEMPT_RT fix for your branch.
  • Use the NVD version boundaries as upgrade targets: update past 5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, or 6.19.9, depending on the release line you run.
  • If you maintain a custom RT kernel, confirm the storvsc patch is present in your downstream tree before deploying.
  • After patching, validate Hyper-V guest storage workloads under PREEMPT_RT to confirm the lock-up no longer reproduces.
  • Monitor kernel logs for "scheduling while atomic" messages involving hv_storvsc or hv_ringbuffer_write as an operational indicator of the issue.

Evidence notes

The CVE record and NVD detail identify the issue as a Linux kernel storvsc problem on Hyper-V with PREEMPT_RT, and the NVD CVSS vector is AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The NVD record also lists affected-version ranges for several kernel branches and provides kernel.org stable patch references as remediation evidence. All timing in this debrief uses the supplied CVE published and modified timestamps; it does not infer issue date from patch publication.

Official resources

Publicly disclosed in the CVE record on 2026-05-08 and last modified in NVD on 2026-05-21. The supplied source corpus ties remediation to kernel.org stable patch references.