PatchSiren cyber security CVE debrief
CVE-2026-43482 Linux CVE debrief
CVE-2026-43482 describes a Linux kernel sched_ext bug where a task can be preempted after scx_claim_exit() sets the exit state but before the helper work is kicked. In that gap, error handling is intentionally disabled, so the task may not be scheduled back to queue the helper work. If that happens, bypass mode never activates, teardown does not proceed, tasks stop being dispatched, and the system can wedge. The fix is to disable preemption across the claim-and-kick sequence in the affected callers and to enforce that requirement with a lockdep assertion.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2026-05-13
- Advisory updated
- 2026-05-13
Who should care
Linux operators and platform teams running kernels with sched_ext/BPF schedulers enabled, especially in production environments where a full system wedge would be operationally disruptive.
Technical summary
The issue is a narrow race in the sched_ext exit path. scx_claim_exit() atomically sets exit_kind so that scx_error() stops triggering additional error handling. The caller must then immediately kick helper kthread work to start bypass mode and teardown. If preemption occurs between those two steps, and the BPF scheduler does not run the task again, the helper work is never queued. That leaves the system stuck in a state where dispatching ceases. The reported fix disables preemption across scx_claim_exit() and the subsequent work kick in scx_disable() and scx_vexit(), and adds lockdep_assert_preemption_disabled() to enforce the invariant.
Defensive priority
High for systems using sched_ext in production or test environments. The bug can cause a wedge rather than a mere service degradation, so kernels that rely on sched_ext should be prioritized for patch verification and deployment.
Recommended defensive actions
- Identify whether any deployed kernels use sched_ext or BPF-based scheduling features.
- Review kernel versions that include the affected sched_ext exit path and confirm whether the referenced fix commits are present.
- Apply vendor or stable kernel updates that include the fix for scx_claim_exit() preemption handling.
- After patching, validate that teardown/exit flows complete cleanly in sched_ext-enabled test systems.
- Monitor for hangs or stalled dispatch behavior on systems using custom BPF schedulers, and treat unexpected wedges as a patching priority.
Evidence notes
This debrief is based only on the supplied CVE record text and the official kernel stable commit references included in the source corpus. The CVE description explicitly states the failure mode, the affected functions (scx_claim_exit(), scx_disable(), scx_vexit()), and the mitigation (disabling preemption plus a lockdep assertion). The supplied NVD-derived record does not provide a CVSS score or vector.
Official resources
-
CVE-2026-43482 CVE record
CVE.org
-
CVE-2026-43482 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Public CVE record published on 2026-05-13T16:16:51.390Z; the supplied record was modified at the same timestamp.