CVE-2026-46165
Gravedad CVSS v3.1:
MEDIA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
28/05/2026
Última modificación:
10/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
openvswitch: vport: fix self-deadlock on release of tunnel ports<br />
<br />
vports are used concurrently and protected by RCU, so netdev_put()<br />
must happen after the RCU grace period. So, either in an RCU call or<br />
after the synchronize_net(). The rtnl_delete_link() must happen under<br />
RTNL and so can&#39;t be executed in RCU context. Calling synchronize_net()<br />
while holding RTNL is not a good idea for performance and system<br />
stability under load in general, so calling netdev_put() in RCU call<br />
is the right solution here.<br />
<br />
However,<br />
when the device is deleted, rtnl_unlock() will call netdev_run_todo()<br />
and block until all the references are gone. In the current code this<br />
means that we never reach the call_rcu() and the vport is never freed<br />
and the reference is never released, causing a self-deadlock on device<br />
removal.<br />
<br />
Fix that by moving the rcu_call() before the rtnl_unlock(), so the<br />
scheduled RCU callback will be executed when synchronize_net() is<br />
called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself<br />
is already released.
Impacto
Puntuación base 3.x
5.50
Gravedad 3.x
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.168 (incluyendo) | 6.1.175 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.131 (incluyendo) | 6.6.140 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12.80 (incluyendo) | 6.12.88 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.18.21 (incluyendo) | 6.18.30 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19.11 (incluyendo) | 7.0 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 7.0.1 (incluyendo) | 7.0.7 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:7.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
- https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
- https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
- https://git.kernel.org/stable/c/8ae6c15fc473c9ad03b0173330cce9a092c76154
- https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296
- https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413



