Bug 2495947 (CVE-2026-53326) - CVE-2026-53326 kernel: debugobjects: Don't call fill_pool() in early boot hardirq context
Summary: CVE-2026-53326 kernel: debugobjects: Don't call fill_pool() in early boot har...
Keywords:
Status: NEW
Alias: CVE-2026-53326
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-07-01 14:02 UTC by OSIDB Bzimport
Modified: 2026-07-01 17:05 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-07-01 14:02:56 UTC
In the Linux kernel, the following vulnerability has been resolved:

debugobjects: Don't call fill_pool() in early boot hardirq context

When booting a debug PREEMPT_RT kernel on an ARM64 system, a "inconsistent
{HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage" lockdep warning message was
reported to the console.

During early boot, interrupts are enabled before the scheduler is
enabled. In this window (before SYSTEM_SCHEDULING is set) interrupts can
fire and in the hard interrupt context handler attempt to fill the pool

This can lead to a deadlock when the interrupt occurred when the interrupt
hits a region which holds a lock that is required to be taken in the
allocation path.

Add a new can_fill_pool() helper and reorder the exception rule and forbid
this scenario by excluding allocations from hard interrupt context.

Comment 1 Mauro Matteo Cascella 2026-07-01 16:56:41 UTC
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026070140-CVE-2026-53326-8836@gregkh/T


Note You need to log in before you can comment on or make changes to this bug.