PatchSiren


CVE-2026-45957 Linux CVE debrief

A vulnerability in the Linux kernel's RCU (Read-Copy-Update) subsystem could cause a deadloop in rcu_read_unlock() when softirq is raised. The issue stems from commit 5f5fa7ea89dc, which removed recursion-protection code from __rcu_read_unlock(). When ftrace is enabled, this can trigger an infinite loop in raise_softirq_irqoff() during RCU read-side critical section exit processing. The fix applies the same pattern used in commit b41642c87716 for IRQ work: setting a defer_qs_pending flag before calling raise_softirq_irqoff() to prevent re-entrant deadloop conditions.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux kernel maintainers, distribution security teams, and operators of systems running kernel 6.18-rc or stable branches with ftrace-enabled workloads. The deadloop condition can cause CPU lockup and system unavailability on affected systems.

Technical summary

The vulnerability exists in the RCU subsystem's __rcu_read_unlock() path. When ftrace stack tracing is active, raise_softirq_irqoff() can recursively trigger RCU read unlock processing, creating an unbounded loop. The root cause is the absence of recursion protection after commit 5f5fa7ea89dc removed negative nesting depth handling. The fix introduces a defer_qs_pending flag check before softirq raising, extending the pattern established for IRQ work in commit b41642c87716. This prevents re-entrant execution of the quiescent state deferral logic.
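
The re-entrancy and the flag-before-raise guard described above, as an added userspace C model (not kernel code and not part of the advisory). The model_* functions, the tracing toggle and the depth cap that stands in for the endless loop are assumptions made for illustration; only the defer_qs_pending name comes from the page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: structure and model_* names are assumptions. */
#define DEPTH_CAP 1000 /* stands in for "never returns" so the model ends */
static bool tracing_enabled;  /* models ftrace tracing the softirq event */
static bool use_pending_flag; /* false: before the fix, true: after */
static bool defer_qs_pending; /* flag name taken from the page */
static int depth, max_depth, softirq_raised;
static void model_unlock_special(void);

/* Models raise_softirq_irqoff(): with tracing on, the tracer re-enters unlock. */
static void model_raise_softirq(void)
{
    softirq_raised++;
    if (tracing_enabled)
        model_unlock_special();
}

/* Models the quiescent-state deferral reached from rcu_read_unlock(). */
static void model_unlock_special(void)
{
    if (++depth > max_depth)
        max_depth = depth;
    /* Before the fix every entry raises; after it, only the first does. */
    if (depth < DEPTH_CAP && !(use_pending_flag && defer_qs_pending)) {
        defer_qs_pending = true; /* set before raising, as the fix does */
        model_raise_softirq();
    }
    depth--;
}

/* Runs one unlock and returns the deepest nesting reached. */
int run_model(bool tracing, bool guarded)
{
    tracing_enabled = tracing;
    use_pending_flag = guarded;
    defer_qs_pending = false;
    depth = max_depth = softirq_raised = 0;
    model_unlock_special();
    return max_depth;
}

int main(void)
{
    printf("tracing, no flag: depth %d\n", run_model(true, false));
    printf("tracing, flag:    depth %d\n", run_model(true, true));
    return 0;
}
```

Without the flag the model nests until it hits the cap; with the flag set before the raise, the re-entrant call finds it already pending and returns, so the softirq is raised once.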

Defensive priority

high

Recommended defensive actions

  • Apply kernel patches from stable branches: 6.1.y, 6.6.y, 6.12.y, 6.14.y, and mainline
  • Verify kernel configuration does not enable ftrace on production systems where RCU performance is critical
  • Monitor for kernel updates addressing CVE-2026-45957 in distribution security advisories
  • Review RCU-related kernel logs for WARNING traces indicating potential deadloop conditions
  • Test RCU-intensive workloads after patching to verify stability improvements

Evidence notes

The vulnerability description includes a detailed kernel stack trace showing the recursive loop pattern through raise_softirq_irqoff() → rcu_read_unlock_special() → unwind_next_frame() → stack_trace_save() → __ftrace_trace_stack() → trace_buffer_unlock_commit_regs() → trace_event_buffer_commit() → trace_event_raw_event_softirq() → raise_softirq_irqoff(). The fix renames the existing deferral flag to defer_qs_pending for broader applicability across both IRQ work and softirq contexts.

Official resources

2026-05-27