CVE-2026-23419

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/rds: Fix circular locking dependency in rds_tcp_tune<br /> <br /> syzbot reported a circular locking dependency in rds_tcp_tune() where<br /> sk_net_refcnt_upgrade() is called while holding the socket lock:<br /> <br /> ======================================================<br /> WARNING: possible circular locking dependency detected<br /> ======================================================<br /> kworker/u10:8/15040 is trying to acquire lock:<br /> ffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},<br /> at: __kmalloc_cache_noprof+0x4b/0x6f0<br /> <br /> but task is already holding lock:<br /> ffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},<br /> at: rds_tcp_tune+0xd7/0x930<br /> <br /> The issue occurs because sk_net_refcnt_upgrade() performs memory<br /> allocation (via get_net_track() -&gt; ref_tracker_alloc()) while the<br /> socket lock is held, creating a circular dependency with fs_reclaim.<br /> <br /> Fix this by moving sk_net_refcnt_upgrade() outside the socket lock<br /> critical section. This is safe because the fields modified by the<br /> sk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not<br /> accessed by any concurrent code path at this point.<br /> <br /> v2:<br /> - Corrected fixes tag<br /> - check patch line wrap nits<br /> - ai commentary nits