CVE-2026-43482 | sched_ext: Disable preemption between scx_claim_exit() and kicking helper work

In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Disable preemption between scx_claim_exit() and kicking helper work

scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering further error handling. After claiming exit, the caller must kick the helper kthread work which initiates bypass mode and teardown.

If the calling task gets preempted between claiming exit and kicking the helper work, and the BPF scheduler fails to schedule it back (since error handling is now disabled), the helper work is never queued, bypass mode never activates, tasks stop being dispatched, and the system wedges.

Disable preemption across scx_claim_exit() and the subsequent work kicking in all callers - scx_disable() and scx_vexit(). Add lockdep_assert_preemption_disabled() to scx_claim_exit() to enforce the requirement.

Published: 2026-05-13
Last update: 2026-05-13
Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Conclusion & alert: CVE-2026-43482 is rated Low Risk (4.7/100): low exploitation likelihood (EPSS 0.02%). Mandatory action: Low composite risk—no urgent action required; patch on your normal maintenance cycle and revisit priority if CVSS or EPSS increases.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-43482

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-14 0.02%

Full EPSS history (1 record total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-43482

CVSS metrics for this CVE.

No CVSS data in dataset for this CVE.

Weakness enumeration for CVE-2026-43482

GitHub Security Advisory for CVE-2026-43482

GHSA-rgq2-6gcj-qprf · Severity: unknown — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable...

OS Trackers for CVE-2026-43482

vendor priority summary link
debian unimportant CVE-2026-43482 unimportant priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2026-43482
redhat https://access.redhat.com/security/cve/CVE-2026-43482
suse medium CVE-2026-43482 severity moderate: SUSE including 20 source package names (cluster-md-kmp-default, dlm-kmp-default, …), 178 product×package rows across 35 product lines (SUSE Linux Enterprise High Availability Extension 15 SP7, SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS, … (35 product lines)): Known Not Affected 178. https://www.suse.com/security/cve/CVE-2026-43482/
ubuntu medium CVE-2026-43482 medium priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1048, ignored 169, not-affected 122, released 83, needed 22, needs-triage 5. https://ubuntu.com/security/CVE-2026-43482

Affected software / configurations for CVE-2026-43482

Vendor Product Version Raw CPE
No affected products in dataset.

References for CVE-2026-43482
