Linux Kernel xprtrdma Re_receiving Decrement Leak Causing Hang
CVE-2026-43469 Published on May 8, 2026
xprtrdma: Decrement re_receiving on the early exit paths
In the Linux kernel, the following vulnerability has been resolved:
xprtrdma: Decrement re_receiving on the early exit paths
In the event that rpcrdma_post_recvs() fails to create a work request
(due to memory allocation failure, say) or otherwise exits early, we
should decrement ep->re_receiving before returning. Otherwise we will
hang in rpcrdma_xprt_drain() as re_receiving will never reach zero and
the completion will never be triggered.
On a system with high memory pressure, this can appear as the following
hung task:
INFO: task kworker/u385:17:8393 blocked for more than 122 seconds.
Tainted: G S E 6.19.0 #3
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u385:17 state:D stack:0 pid:8393 tgid:8393 ppid:2 task_flags:0x4248060 flags:0x00080000
Workqueue: xprtiod xprt_autoclose [sunrpc]
Call Trace:
<TASK>
__schedule+0x48b/0x18b0
? ib_post_send_mad+0x247/0xae0 [ib_core]
schedule+0x27/0xf0
schedule_timeout+0x104/0x110
__wait_for_common+0x98/0x180
? __pfx_schedule_timeout+0x10/0x10
wait_for_completion+0x24/0x40
rpcrdma_xprt_disconnect+0x444/0x460 [rpcrdma]
xprt_rdma_close+0x12/0x40 [rpcrdma]
xprt_autoclose+0x5f/0x120 [sunrpc]
process_one_work+0x191/0x3e0
worker_thread+0x2e3/0x420
? __pfx_worker_thread+0x10/0x10
kthread+0x10d/0x230
? __pfx_kthread+0x10/0x10
ret_from_fork+0x273/0x2b0
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1a/0x30
Products Associated with CVE-2026-43469
Want to know whenever a new CVE is published for Linux Kernel? stack.watch will email you.
Affected Versions
Linux:- Version 15788d1d1077ebe029c48842c738876516d85076 and below 7ea69259a60a364f56cf4aa9e2eafb588d1c762b is affected.
- Version 15788d1d1077ebe029c48842c738876516d85076 and below 8cb6b5d8296b1f99a8d36849901ebabfe3f749db is affected.
- Version 15788d1d1077ebe029c48842c738876516d85076 and below 74c39a47856bddcde7874f2196a00143b5cd0af9 is affected.
- Version 15788d1d1077ebe029c48842c738876516d85076 and below 49f53ee4e25297d886f14e31f355ad1c2735ddfb is affected.
- Version 15788d1d1077ebe029c48842c738876516d85076 and below 8127b5fec04757c2a41ed65bca0b3266968efd3b is affected.
- Version 15788d1d1077ebe029c48842c738876516d85076 and below dc3ebd7e2d73dbd4d317785735ffa6c4a6384ddf is affected.
- Version 15788d1d1077ebe029c48842c738876516d85076 and below 7b6275c80a0c81c5f8943272292dfe67730ce849 is affected.
- Version 5.13 is affected.
- Before 5.13 is unaffected.
- Version 5.15.203, <= 5.15.* is unaffected.
- Version 6.1.167, <= 6.1.* is unaffected.
- Version 6.6.130, <= 6.6.* is unaffected.
- Version 6.12.78, <= 6.12.* is unaffected.
- Version 6.18.19, <= 6.18.* is unaffected.
- Version 6.19.9, <= 6.19.* is unaffected.
- Version 7.0, <= * is unaffected.