SB2026050866 - Deadlock in Linux kernel mlx5 core driver
Published: May 8, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Deadlock (CVE-ID: CVE-2026-43468)
CWE-ID: CWE-833 - Deadlock
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper locking in net/mlx5 eswitch event handling when processing eswitch mode changes and queued work items. A local user can trigger eswitch mode changes to cause a denial of service.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0de867f6e34eae6907b367fd152c55e61cb98608
- https://git.kernel.org/stable/c/3c7313cb41b1b427078440364d2f042c276a1c0b
- https://git.kernel.org/stable/c/4a7838bebc38374f74baaf88bf2cf8d439a92923
- https://git.kernel.org/stable/c/90e7e5d14d0bd25ffd019a3aa39d9f1c05fedbe1
- https://git.kernel.org/stable/c/957d2a58f7f8ebcbdd0a85935e0d2675134b890d
- https://git.kernel.org/stable/c/aed763abf0e905b4b8d747d1ba9e172961572f57