Race condition in Linux kernel - CVE-2026-43439
Published: May 8, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in css_task_iter handling in the cgroup task iteration logic when iterating tasks concurrently with task migration between css_set lists. A local user can trigger task migration while cgroup.procs is being read to cause a denial of service.
Successful exploitation requires a very small race window between task migration and iteration, and may lead to crashes or infinite loops.
How to mitigate CVE-2026-43439
Sources
- https://git.kernel.org/stable/c/3b95abab7369235a37b15eaec6e1a0b443bba7c7
- https://git.kernel.org/stable/c/3dfd1328c05234e8d8fa61948b2ba82680594988
- https://git.kernel.org/stable/c/4a9654a2b46cfdaae287fb8995f536245635e467
- https://git.kernel.org/stable/c/5ee01f1a7343d6a3547b6802ca2d4cdce0edacb1
- https://git.kernel.org/stable/c/7c85debc35e6d131bd29c64f2ae78c6ede0e55c4
- https://git.kernel.org/stable/c/86ceaccfdfa16dad05addb33dc206e03589bcfd1
- https://git.kernel.org/stable/c/9cca530c7cc1b3e02cb8fa7f80060dd4b38562ce
- https://git.kernel.org/stable/c/9dc76f6fc0d28d2382583715bc4ec22f28104845