CVE-2026-53314
N/AIn the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614 at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error. Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible.
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 6th percentile
Impact if exploited
—CVSS · not scored
- No impact metrics
References
Technical & other
- https://git.kernel.org/stable/c/65dae8b34f0810f3fa9f77c4c63650cd20820693
- https://git.kernel.org/stable/c/a6d44f477000c6352de6b05e9e276e62083e5fbf
- https://git.kernel.org/stable/c/3e6c08dd97dcd22a00aee469e0adfa819071d80e
- https://git.kernel.org/stable/c/5a9f29a3e076b637d2234093e57989cf755ded5b
- https://git.kernel.org/stable/c/9afe53f14a2aae8c4beb30e5ea51641a34f1a3d3
- https://git.kernel.org/stable/c/c8c4a2972f83c8b68ff03b43cecdb898939ff851