CVE-2026-43469 - Vulnerability Details

- xprtrdma: Decrement re_receiving on the early exit paths

Description

In the Linux kernel, the following vulnerability has been resolved:

xprtrdma: Decrement re_receiving on the early exit paths

In the event that rpcrdma_post_recvs() fails to create a work request
(due to memory allocation failure, say) or otherwise exits early, we
should decrement ep->re_receiving before returning. Otherwise we will
hang in rpcrdma_xprt_drain() as re_receiving will never reach zero and
the completion will never be triggered.

On a system with high memory pressure, this can appear as the following
hung task:

INFO: task kworker/u385:17:8393 blocked for more than 122 seconds.
Tainted: G S E 6.19.0 #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u385:17 state:D stack:0 pid:8393 tgid:8393 ppid:2 task_flags:0x4248060 flags:0x00080000
Workqueue: xprtiod xprt_autoclose [sunrpc]
Call Trace:
<TASK>
__schedule+0x48b/0x18b0
? ib_post_send_mad+0x247/0xae0 [ib_core]
schedule+0x27/0xf0
schedule_timeout+0x104/0x110
__wait_for_common+0x98/0x180
? __pfx_schedule_timeout+0x10/0x10
wait_for_completion+0x24/0x40
rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma]
xprt_rdma_close+0x12/0x40 [rpcrdma]
xprt_autoclose+0x5f/0x120 [sunrpc]
process_one_work+0x191/0x3e0
worker_thread+0x2e3/0x420
? __pfx_worker_thread+0x10/0x10
kthread+0x10d/0x230
? __pfx_kthread+0x10/0x10
ret_from_fork+0x273/0x2b0
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30

Published: 2026-05-08

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`15788d1d1077ebe029c48842c738876516d85076`	affected	< 7ea69259a60a364f56cf4aa9e2eafb588d1c762b
`15788d1d1077ebe029c48842c738876516d85076`	affected	< 8cb6b5d8296b1f99a8d36849901ebabfe3f749db
`15788d1d1077ebe029c48842c738876516d85076`	affected	< 74c39a47856bddcde7874f2196a00143b5cd0af9
`15788d1d1077ebe029c48842c738876516d85076`	affected	< 49f53ee4e25297d886f14e31f355ad1c2735ddfb
`15788d1d1077ebe029c48842c738876516d85076`	affected	< 8127b5fec04757c2a41ed65bca0b3266968efd3b
`15788d1d1077ebe029c48842c738876516d85076`	affected	< dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf
`15788d1d1077ebe029c48842c738876516d85076`	affected	< 7b6275c80a0c81c5f8943272292dfe67730ce849

Linux

affected

Version	Status	Constraints
`5.13`	affected	—
`0`	unaffected	< 5.13
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[15788d1d1077ebe029c48842c738876516d85076,7ea69259a60a364f56cf4aa9e2eafb588d1c762b)`	affected	code_commit	—
`[15788d1d1077ebe029c48842c738876516d85076,8cb6b5d8296b1f99a8d36849901ebabfe3f749db)`	affected	code_commit	—
`[15788d1d1077ebe029c48842c738876516d85076,74c39a47856bddcde7874f2196a00143b5cd0af9)`	affected	code_commit	—
`[15788d1d1077ebe029c48842c738876516d85076,49f53ee4e25297d886f14e31f355ad1c2735ddfb)`	affected	code_commit	—
`[15788d1d1077ebe029c48842c738876516d85076,8127b5fec04757c2a41ed65bca0b3266968efd3b)`	affected	code_commit	—
`[15788d1d1077ebe029c48842c738876516d85076,dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf)`	affected	code_commit	—
`[15788d1d1077ebe029c48842c738876516d85076,7b6275c80a0c81c5f8943272292dfe67730ce849)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.13`	affected	semver	—
`[0,5.13)`	unaffected	semver	—
`[5.15.203,5.15.*]`	unaffected	semver	—
`[6.1.167,6.1.*]`	unaffected	semver	—
`[6.6.130,6.6.*]`	unaffected	semver	—
`[6.12.78,6.12.*]`	unaffected	semver	—
`[6.18.19,6.18.*]`	unaffected	semver	—
`[6.19.9,6.19.*]`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0007.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/49f53ee4e25297d886f14e31f355ad1c2735ddfb
https://git.kernel.org/stable/c/74c39a47856bddcde7874f2196a00143b5cd0af9
https://git.kernel.org/stable/c/7b6275c80a0c81c5f8943272292dfe67730ce849
https://git.kernel.org/stable/c/7ea69259a60a364f56cf4aa9e2eafb588d1c762b
https://git.kernel.org/stable/c/8127b5fec04757c2a41ed65bca0b3266968efd3b
https://git.kernel.org/stable/c/8cb6b5d8296b1f99a8d36849901ebabfe3f749db
https://git.kernel.org/stable/c/dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf
https://lore.kernel.org/linux-cve-announce/2026050804-CVE-2026-43469-3846@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43469
https://www.cve.org/CVERecord?id=CVE-2026-43469

History

Mon, 11 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 May 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-665

Sat, 09 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-772
References		https://lore.kernel.org/linux-cve-announce/2026050804-CVE-2026-43469-3846@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43469 https://www.cve.org/CVERecord?id=CVE-2026-43469
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-665

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (due to memory allocation failure, say) or otherwise exits early, we should decrement ep->re_receiving before returning. Otherwise we will hang in rpcrdma_xprt_drain() as re_receiving will never reach zero and the completion will never be triggered. On a system with high memory pressure, this can appear as the following hung task: INFO: task kworker/u385:17:8393 blocked for more than 122 seconds. Tainted: G S E 6.19.0 #3 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u385:17 state:D stack:0 pid:8393 tgid:8393 ppid:2 task_flags:0x4248060 flags:0x00080000 Workqueue: xprtiod xprt_autoclose [sunrpc] Call Trace: <TASK> __schedule+0x48b/0x18b0 ? ib_post_send_mad+0x247/0xae0 [ib_core] schedule+0x27/0xf0 schedule_timeout+0x104/0x110 __wait_for_common+0x98/0x180 ? __pfx_schedule_timeout+0x10/0x10 wait_for_completion+0x24/0x40 rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma] xprt_rdma_close+0x12/0x40 [rpcrdma] xprt_autoclose+0x5f/0x120 [sunrpc] process_one_work+0x191/0x3e0 worker_thread+0x2e3/0x420 ? __pfx_worker_thread+0x10/0x10 kthread+0x10d/0x230 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x273/0x2b0 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30
Title		xprtrdma: Decrement re_receiving on the early exit paths
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/49f53ee4e25297d886f14e31f355ad1c2735ddfb https://git.kernel.org/stable/c/74c39a47856bddcde7874f2196a00143b5cd0af9 https://git.kernel.org/stable/c/7b6275c80a0c81c5f8943272292dfe67730ce849 https://git.kernel.org/stable/c/7ea69259a60a364f56cf4aa9e2eafb588d1c762b https://git.kernel.org/stable/c/8127b5fec04757c2a41ed65bca0b3266968efd3b https://git.kernel.org/stable/c/8cb6b5d8296b1f99a8d36849901ebabfe3f749db https://git.kernel.org/stable/c/dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:22:29.550Z

Updated: 2026-05-11T22:25:12.698Z

Reserved: 2026-05-01T14:12:56.011Z

Link: CVE-2026-43469

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-08T15:16:59.957

Modified: 2026-05-12T14:10:27.343

Link: CVE-2026-43469

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43469 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T09:15:26Z

Weaknesses

CWE-772

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object