Vulnerability Details CVE-2026-46165
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: vport: fix self-deadlock on release of tunnel ports
vports are used concurrently and protected by RCU, so netdev_put()
must happen after the RCU grace period. So, either in an RCU call or
after the synchronize_net(). The rtnl_delete_link() must happen under
RTNL and so can't be executed in RCU context. Calling synchronize_net()
while holding RTNL is not a good idea for performance and system
stability under load in general, so calling netdev_put() in RCU call
is the right solution here.
However,
when the device is deleted, rtnl_unlock() will call netdev_run_todo()
and block until all the references are gone. In the current code this
means that we never reach the call_rcu() and the vport is never freed
and the reference is never released, causing a self-deadlock on device
removal.
Fix that by moving the rcu_call() before the rtnl_unlock(), so the
scheduled RCU callback will be executed when synchronize_net() is
called from the rtnl_unlock()->netdev_run_todo() while the RTNL itself
is already released.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 5.5
References
- https://git.kernel.org/stable/c/366c482965c673565ecb8bcfb15d5548f13a6a10
- https://git.kernel.org/stable/c/3df75fff46b1517eb479d8e6b8e3500763715dd0
- https://git.kernel.org/stable/c/6522d59fb7de55ce0f0f285d962243ddffebb01f
- https://git.kernel.org/stable/c/8ae6c15fc473c9ad03b0173330cce9a092c76154
- https://git.kernel.org/stable/c/aa69918bd418e700309fdd08509dba324fb24296
- https://git.kernel.org/stable/c/c741433f6c8dcdecd1d9549d89053761fd1ea413
Products affected by CVE-2026-46165
-
cpe:2.3:o:linux:linux_kernel:6.1.168
-
cpe:2.3:o:linux:linux_kernel:6.1.169
-
cpe:2.3:o:linux:linux_kernel:6.1.170
-
cpe:2.3:o:linux:linux_kernel:6.1.171
-
cpe:2.3:o:linux:linux_kernel:6.1.174
-
cpe:2.3:o:linux:linux_kernel:6.12.80
-
cpe:2.3:o:linux:linux_kernel:6.12.81
-
cpe:2.3:o:linux:linux_kernel:6.12.82
-
cpe:2.3:o:linux:linux_kernel:6.12.83
-
cpe:2.3:o:linux:linux_kernel:6.12.84
-
cpe:2.3:o:linux:linux_kernel:6.12.85
-
cpe:2.3:o:linux:linux_kernel:6.12.86
-
cpe:2.3:o:linux:linux_kernel:6.12.87
-
cpe:2.3:o:linux:linux_kernel:6.18.21
-
cpe:2.3:o:linux:linux_kernel:6.18.22
-
cpe:2.3:o:linux:linux_kernel:6.18.23
-
cpe:2.3:o:linux:linux_kernel:6.18.24
-
cpe:2.3:o:linux:linux_kernel:6.18.25
-
cpe:2.3:o:linux:linux_kernel:6.18.26
-
cpe:2.3:o:linux:linux_kernel:6.18.28
-
cpe:2.3:o:linux:linux_kernel:6.18.29
-
cpe:2.3:o:linux:linux_kernel:6.19.11
-
cpe:2.3:o:linux:linux_kernel:6.19.12
-
cpe:2.3:o:linux:linux_kernel:6.19.13
-
cpe:2.3:o:linux:linux_kernel:6.19.14
-
cpe:2.3:o:linux:linux_kernel:6.6.131
-
cpe:2.3:o:linux:linux_kernel:6.6.134
-
cpe:2.3:o:linux:linux_kernel:6.6.135
-
cpe:2.3:o:linux:linux_kernel:6.6.136
-
cpe:2.3:o:linux:linux_kernel:6.6.137
-
cpe:2.3:o:linux:linux_kernel:6.6.138
-
cpe:2.3:o:linux:linux_kernel:7.0
-
cpe:2.3:o:linux:linux_kernel:7.0.1
-
cpe:2.3:o:linux:linux_kernel:7.0.2
-
cpe:2.3:o:linux:linux_kernel:7.0.3
-
cpe:2.3:o:linux:linux_kernel:7.0.5
-
cpe:2.3:o:linux:linux_kernel:7.0.6
-
cpe:2.3:o:linux:linux_kernel:7.1