CVE-2026-31647 (GCVE-0-2026-31647)
Vulnerability from cvelistv5
Published
2026-04-24 14:45
Modified
2026-04-24 14:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling
Switch from using the completion's raw spinlock to a local lock in the
idpf_vc_xn struct. The conversion is safe because complete/_all() are
called outside the lock and there is no reason to share the completion
lock in the current logic. This avoids invalid wait context reported by
the kernel due to the async handler taking BH spinlock:
[ 805.726977] =============================
[ 805.726991] [ BUG: Invalid wait context ]
[ 805.727006] 7.0.0-rc2-net-devq-031026+ #28 Tainted: G S OE
[ 805.727026] -----------------------------
[ 805.727038] kworker/u261:0/572 is trying to lock:
[ 805.727051] ff190da6a8dbb6a0 (&vport_config->mac_filter_list_lock){+...}-{3:3}, at: idpf_mac_filter_async_handler+0xe9/0x260 [idpf]
[ 805.727099] other info that might help us debug this:
[ 805.727111] context-{5:5}
[ 805.727119] 3 locks held by kworker/u261:0/572:
[ 805.727132] #0: ff190da6db3e6148 ((wq_completion)idpf-0000:83:00.0-mbx){+.+.}-{0:0}, at: process_one_work+0x4b5/0x730
[ 805.727163] #1: ff3c6f0a6131fe50 ((work_completion)(&(&adapter->mbx_task)->work)){+.+.}-{0:0}, at: process_one_work+0x1e5/0x730
[ 805.727191] #2: ff190da765190020 (&x->wait#34){+.+.}-{2:2}, at: idpf_recv_mb_msg+0xc8/0x710 [idpf]
[ 805.727218] stack backtrace:
...
[ 805.727238] Workqueue: idpf-0000:83:00.0-mbx idpf_mbx_task [idpf]
[ 805.727247] Call Trace:
[ 805.727249] <TASK>
[ 805.727251] dump_stack_lvl+0x77/0xb0
[ 805.727259] __lock_acquire+0xb3b/0x2290
[ 805.727268] ? __irq_work_queue_local+0x59/0x130
[ 805.727275] lock_acquire+0xc6/0x2f0
[ 805.727277] ? idpf_mac_filter_async_handler+0xe9/0x260 [idpf]
[ 805.727284] ? _printk+0x5b/0x80
[ 805.727290] _raw_spin_lock_bh+0x38/0x50
[ 805.727298] ? idpf_mac_filter_async_handler+0xe9/0x260 [idpf]
[ 805.727303] idpf_mac_filter_async_handler+0xe9/0x260 [idpf]
[ 805.727310] idpf_recv_mb_msg+0x1c8/0x710 [idpf]
[ 805.727317] process_one_work+0x226/0x730
[ 805.727322] worker_thread+0x19e/0x340
[ 805.727325] ? __pfx_worker_thread+0x10/0x10
[ 805.727328] kthread+0xf4/0x130
[ 805.727333] ? __pfx_kthread+0x10/0x10
[ 805.727336] ret_from_fork+0x32c/0x410
[ 805.727345] ? __pfx_kthread+0x10/0x10
[ 805.727347] ret_from_fork_asm+0x1a/0x30
[ 805.727354] </TASK>
References
| URL | Tags | |
|---|---|---|
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_virtchnl.c",
"drivers/net/ethernet/intel/idpf/idpf_virtchnl.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b448529f2f2921c6fe82fd4e985cc7c05cbf02a3",
"status": "affected",
"version": "34c21fa894a1af6166f4284c81d1dc21efed8f38",
"versionType": "git"
},
{
"lessThan": "e02c974fc331f04b5ba2007d4bc6862df8a43148",
"status": "affected",
"version": "34c21fa894a1af6166f4284c81d1dc21efed8f38",
"versionType": "git"
},
{
"lessThan": "3bb632c6b6d8154e9019beda4a43a4b518ee3e8a",
"status": "affected",
"version": "34c21fa894a1af6166f4284c81d1dc21efed8f38",
"versionType": "git"
},
{
"lessThan": "591478118293c1bd628de330a99eb1eb2ef8d76b",
"status": "affected",
"version": "34c21fa894a1af6166f4284c81d1dc21efed8f38",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/idpf/idpf_virtchnl.c",
"drivers/net/ethernet/intel/idpf/idpf_virtchnl.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.83",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.23",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.13",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling\n\nSwitch from using the completion\u0027s raw spinlock to a local lock in the\nidpf_vc_xn struct. The conversion is safe because complete/_all() are\ncalled outside the lock and there is no reason to share the completion\nlock in the current logic. This avoids invalid wait context reported by\nthe kernel due to the async handler taking BH spinlock:\n\n[ 805.726977] =============================\n[ 805.726991] [ BUG: Invalid wait context ]\n[ 805.727006] 7.0.0-rc2-net-devq-031026+ #28 Tainted: G S OE\n[ 805.727026] -----------------------------\n[ 805.727038] kworker/u261:0/572 is trying to lock:\n[ 805.727051] ff190da6a8dbb6a0 (\u0026vport_config-\u003emac_filter_list_lock){+...}-{3:3}, at: idpf_mac_filter_async_handler+0xe9/0x260 [idpf]\n[ 805.727099] other info that might help us debug this:\n[ 805.727111] context-{5:5}\n[ 805.727119] 3 locks held by kworker/u261:0/572:\n[ 805.727132] #0: ff190da6db3e6148 ((wq_completion)idpf-0000:83:00.0-mbx){+.+.}-{0:0}, at: process_one_work+0x4b5/0x730\n[ 805.727163] #1: ff3c6f0a6131fe50 ((work_completion)(\u0026(\u0026adapter-\u003embx_task)-\u003ework)){+.+.}-{0:0}, at: process_one_work+0x1e5/0x730\n[ 805.727191] #2: ff190da765190020 (\u0026x-\u003ewait#34){+.+.}-{2:2}, at: idpf_recv_mb_msg+0xc8/0x710 [idpf]\n[ 805.727218] stack backtrace:\n...\n[ 805.727238] Workqueue: idpf-0000:83:00.0-mbx idpf_mbx_task [idpf]\n[ 805.727247] Call Trace:\n[ 805.727249] \u003cTASK\u003e\n[ 805.727251] dump_stack_lvl+0x77/0xb0\n[ 805.727259] __lock_acquire+0xb3b/0x2290\n[ 805.727268] ? __irq_work_queue_local+0x59/0x130\n[ 805.727275] lock_acquire+0xc6/0x2f0\n[ 805.727277] ? idpf_mac_filter_async_handler+0xe9/0x260 [idpf]\n[ 805.727284] ? _printk+0x5b/0x80\n[ 805.727290] _raw_spin_lock_bh+0x38/0x50\n[ 805.727298] ? idpf_mac_filter_async_handler+0xe9/0x260 [idpf]\n[ 805.727303] idpf_mac_filter_async_handler+0xe9/0x260 [idpf]\n[ 805.727310] idpf_recv_mb_msg+0x1c8/0x710 [idpf]\n[ 805.727317] process_one_work+0x226/0x730\n[ 805.727322] worker_thread+0x19e/0x340\n[ 805.727325] ? __pfx_worker_thread+0x10/0x10\n[ 805.727328] kthread+0xf4/0x130\n[ 805.727333] ? __pfx_kthread+0x10/0x10\n[ 805.727336] ret_from_fork+0x32c/0x410\n[ 805.727345] ? __pfx_kthread+0x10/0x10\n[ 805.727347] ret_from_fork_asm+0x1a/0x30\n[ 805.727354] \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T14:45:00.734Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b448529f2f2921c6fe82fd4e985cc7c05cbf02a3"
},
{
"url": "https://git.kernel.org/stable/c/e02c974fc331f04b5ba2007d4bc6862df8a43148"
},
{
"url": "https://git.kernel.org/stable/c/3bb632c6b6d8154e9019beda4a43a4b518ee3e8a"
},
{
"url": "https://git.kernel.org/stable/c/591478118293c1bd628de330a99eb1eb2ef8d76b"
}
],
"title": "idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31647",
"datePublished": "2026-04-24T14:45:00.734Z",
"dateReserved": "2026-03-09T15:48:24.127Z",
"dateUpdated": "2026-04-24T14:45:00.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…