Bug 2493711 (CVE-2026-53314) - CVE-2026-53314 kernel: padata: Put CPU offline callback in ONLINE section to allow failure
Summary: CVE-2026-53314 kernel: padata: Put CPU offline callback in ONLINE section to ...
Keywords:
Status: NEW
Alias: CVE-2026-53314
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-06-26 21:02 UTC by OSIDB Bzimport
Modified: 2026-06-29 20:38 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-26 21:02:18 UTC
In the Linux kernel, the following vulnerability has been resolved:

padata: Put CPU offline callback in ONLINE section to allow failure

syzbot reported the following warning:

    DEAD callback error for CPU1
    WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614

at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux")
which tglx traced to padata_cpu_dead() given it's the only
sub-CPUHP_TEARDOWN_CPU callback that returns an error.

Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU
so move the CPU offline callback to the ONLINE section where failure is
possible.

Comment 1 Mauro Matteo Cascella 2026-06-29 20:19:39 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062621-CVE-2026-53314-d913@gregkh/T

