CVE-2026-43482: Kernel Preemption Issue in Linux Kernel

The core of the vulnerability lies in the schedext scheduler's handling of exit procedures. Specifically, the scxclaim_exit() function atomically sets an exit kind to prevent further error handling. Following this, a helper kthread work is intended to be kicked, initiating bypass mode and teardown. However, if the calling task is preempted before this helper work is kicked, and the BPF scheduler fails to reschedule it, the helper work is never queued. This leaves the system in a state where bypass mode isn't activated, and critical error handling is suppressed. While the precise impact is still being evaluated, this scenario could lead to system instability, unexpected behavior, or potentially denial-of-service conditions, particularly in environments heavily reliant on BPF scheduling. The lack of proper error handling could also mask underlying issues, making debugging more difficult.

1. Reservado2026-05-01
2. Publicada2026-05-13

The primary mitigation for CVE-2026-43482 is to upgrade to the fixed Linux kernel version 41423912f7ac7494ccd6eef411227b4efce740e0. Before upgrading, it's crucial to review the kernel changelog for any potential compatibility issues with existing drivers or applications. If a direct upgrade is not feasible due to compatibility concerns, consider applying relevant patches or backporting the fix to an older, supported kernel version, though this requires careful testing. There are no known WAF or proxy rules that can directly mitigate this kernel-level vulnerability. Monitoring system logs for unusual scheduler behavior or errors related to BPF scheduling could provide early indicators of potential exploitation, but this is not a preventative measure. After upgrading, confirm the fix by examining the kernel version (uname -r) and verifying that the sched_ext component is functioning as expected under load.