xprtrdma: Decrement re_receiving on the early exit paths_CVE-2026-43469

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

xprtrdma: Decrement re_receiving on the early exit paths

In the event that rpcrdma_post_recvs() fails to create a work request
(due to memory allocation failure, say) or otherwise exits early, we
should decrement ep->re_receiving before returning. Otherwise we will
hang in rpcrdma_xprt_drain() as re_receiving will never reach zero and
the completion will never be triggered.

On a system with high memory pressure, this can appear as the following
hung task:

INFO: task kworker/u385:17:8393 blocked for more than 122 seconds.
Tainted: G S E 6.19.0 #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u385:17 state:D stack:0 pid:8393 tgid:8393 ppid:2 task_flags:0x4248060 flags:0x00080000
Workqueue: xprtiod xprt_autoclose [sunrpc]
Call Trace:
<TASK>
__schedule+0x48b/0x18b0
? ib_post_send_mad+0x247/0xae0 [ib_core]
schedule+0x27/0xf0
schedule_timeout+0x104/0x110
__wait_for_common+0x98/0x180
? __pfx_schedule_timeout+0x10/0x10
wait_for_completion+0x24/0x40
rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma]
xprt_rdma_close+0x12/0x40 [rpcrdma]
xprt_autoclose+0x5f/0x120 [sunrpc]
process_one_work+0x191/0x3e0
worker_thread+0x2e3/0x420
? __pfx_worker_thread+0x10/0x10
kthread+0x10d/0x230
? __pfx_kthread+0x10/0x10
ret_from_fork+0x273/0x2b0
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30

Basic Information

ID CVE-2026-43469

Source Linux

Published May 8, 2026 at 14:22

Modified May 11, 2026 at 06:34

Affected Product

Vendor Linux

Product Linux

Version 15788d1d1077ebe029c48842c738876516d85076

Affected Versions Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 15788d1d1077ebe029c48842c738876516d85076
Linux Linux 5.13

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Decrement re_receiving on the early exit paths\n\nIn the event that rpcrdma_post_recvs() fails to create a work request\n(due to memory allocation failure, say) or otherwise exits early, we\nshould decrement ep->re_receiving before returning. Otherwise we will\nhang in rpcrdma_xprt_drain() as re_receiving will never reach zero and\nthe completion will never be triggered.\n\nOn a system with high memory pressure, this can appear as the following\nhung task:\n\n    INFO: task kworker/u385:17:8393 blocked for more than 122 seconds.\n          Tainted: G S          E       6.19.0 #3\n    \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n    task:kworker/u385:17 state:D stack:0     pid:8393  tgid:8393  ppid:2      task_flags:0x4248060 flags:0x00080000\n    Workqueue: xprtiod xprt_autoclose [sunrpc]\n    Call Trace:\n     <TASK>\n     __schedule+0x48b/0x18b0\n     ? ib_post_send_mad+0x247/0xae0 [ib_core]\n     schedule+0x27/0xf0\n     schedule_timeout+0x104/0x110\n     __wait_for_common+0x98/0x180\n     ? __pfx_schedule_timeout+0x10/0x10\n     wait_for_completion+0x24/0x40\n     rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma]\n     xprt_rdma_close+0x12/0x40 [rpcrdma]\n     xprt_autoclose+0x5f/0x120 [sunrpc]\n     process_one_work+0x191/0x3e0\n     worker_thread+0x2e3/0x420\n     ? __pfx_worker_thread+0x10/0x10\n     kthread+0x10d/0x230\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork+0x273/0x2b0\n     ? __pfx_kthread+0x10/0x10\n     ret_from_fork_asm+0x1a/0x30",
    "published": "2026-05-08T14:22:29.550Z",
    "modified": "2026-05-11T06:34:57.133Z",
    "type": "cve",
    "title": "xprtrdma: Decrement re_receiving on the early exit paths",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/7ea69259a60a364f56cf4aa9e2eafb588d1c762b\nhttps://git.kernel.org/stable/c/8cb6b5d8296b1f99a8d36849901ebabfe3f749db\nhttps://git.kernel.org/stable/c/74c39a47856bddcde7874f2196a00143b5cd0af9\nhttps://git.kernel.org/stable/c/49f53ee4e25297d886f14e31f355ad1c2735ddfb\nhttps://git.kernel.org/stable/c/8127b5fec04757c2a41ed65bca0b3266968efd3b\nhttps://git.kernel.org/stable/c/dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf\nhttps://git.kernel.org/stable/c/7b6275c80a0c81c5f8943272292dfe67730ce849",
    "id": "CVE-2026-43469",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 15788d1d1077ebe029c48842c738876516d85076\nLinux Linux 5.13",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "15788d1d1077ebe029c48842c738876516d85076",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply