What is GHSA-3vvp-54wc-f6jr?

GHSA-3vvp-54wc-f6jr is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT...

Which CVE IDs does GHSA-3vvp-54wc-f6jr cover?

GHSA-3vvp-54wc-f6jr covers the following CVE IDs: CVE-2026-43326. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-3vvp-54wc-f6jr?

GHSA-3vvp-54wc-f6jr has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-3vvp-54wc-f6jrMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix SCX_KICK_WAIT...

Vendor

GitHub Security Advisories

Published

May 8, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-43326 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback

SCX_KICK_WAIT busy-waits in kick_cpus_irq_workfn() using smp_cond_load_acquire() until the target CPU's kick_sync advances. Because the irq_work runs in hardirq context, the waiting CPU cannot reschedule and its own kick_sync never advances. If multiple CPUs form a wait cycle, all CPUs deadlock.

Replace the busy-wait in kick_cpus_irq_workfn() with resched_curr() to force the CPU through do_pick_task_scx(), which queues a balance callback to perform the wait. The balance callback drops the rq lock and enables IRQs following the sched_core_balance() pattern, so the CPU can process IPIs while waiting. The local CPU's kick_sync is advanced on entry to do_pick_task_scx() and continuously during the wait, ensuring any CPU that starts waiting for us sees the advancement and cannot form cyclic dependencies.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (4)