CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter()

Published May 21, 2026

In the Linux kernel, the following vulnerability has been resolved:

rtmutex: Use waiter::task instead of current in remove_waiter()

remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue().

In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems:

1) the rbtree dequeue happens without waiter::task::pi_lock being held
2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around.
3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task

Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems.

[ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]
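
The following is an added illustration, not kernel code and not part of the original advisory: a simplified user-space C model of problems 1 and 2 above, showing what the rollback leaves behind when the dequeue acts on current instead of waiter::task. All struct layouts, helper names (dequeue_as, rollback_leaves_dangling) and the two-task scenario are assumptions made for the model.

```c
#include <stddef.h>

struct waiter;

/* Minimal stand-ins for the kernel structures (assumed layout, model only). */
struct task {
    struct waiter *pi_blocked_on;   /* waiter this task is blocked on, or NULL */
    int pi_lock_held;               /* models task::pi_lock */
};

struct waiter {
    struct task *task;              /* the task that is actually waiting */
    int enqueued;                   /* 1 while the waiter sits in the lock's tree */
};

static struct task *current_task;   /* models the kernel's "current" */
static int unlocked_dequeues;       /* dequeues done without waiter::task::pi_lock */

/* Dequeue w while locking and clearing the state of task t. */
static void dequeue_as(struct waiter *w, struct task *t)
{
    t->pi_lock_held = 1;
    if (!w->task->pi_lock_held)     /* problem 1: wrong task's lock was taken */
        unlocked_dequeues++;
    w->enqueued = 0;
    t->pi_blocked_on = NULL;        /* problem 2 when t is not w->task */
    t->pi_lock_held = 0;
}

/* Pre-fix behaviour described in the advisory: operate on current. */
void remove_waiter_buggy(struct waiter *w) { dequeue_as(w, current_task); }

/* Post-fix behaviour: operate on waiter::task. */
void remove_waiter_fixed(struct waiter *w) { dequeue_as(w, w->task); }

/* Proxy-lock rollback scenario: the requeuing task removes a waiter that
 * belongs to a different, sleeping task. Returns 1 if the sleeping task
 * still points at the waiter after it has been dequeued. */
int rollback_leaves_dangling(void (*remove)(struct waiter *))
{
    struct task requeuer = { NULL, 0 };
    struct task sleeper = { NULL, 0 };
    struct waiter w = { &sleeper, 1 };

    sleeper.pi_blocked_on = &w;     /* waiter enqueued on behalf of sleeper */
    current_task = &requeuer;       /* rollback runs in the requeuer's context */
    unlocked_dequeues = 0;
    remove(&w);
    return sleeper.pi_blocked_on == &w && !w.enqueued;
}
```

In the model, the buggy variant leaves the sleeping task's pi_blocked_on pointing at a dequeued waiter, which is the stale pointer the advisory describes; the fixed variant clears it under the correct task's lock.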

Affected Software

1 affected component
Linux Linux kernel

Event History

May 21, 2026
CVE Published, via MITRE, 12:17 PM
Data Sourced (Description), via MITRE, 12:17 PM
Data Sourced (Description), via NVD, 01:16 PM

Frequently Asked Questions

1. What is the severity of CVE-2026-43499?

CVE-2026-43499 has a risk score of 52, indicating a medium severity vulnerability.

2. How do I fix CVE-2026-43499?

To mitigate CVE-2026-43499, update the Linux kernel to the latest patched version provided by your distribution.

3. What systems are affected by CVE-2026-43499?

CVE-2026-43499 affects specific versions of the Linux kernel.

4. What does CVE-2026-43499 impact?

CVE-2026-43499 impacts the rtmutex code in the Linux kernel: remove_waiter() operated on current instead of waiter::task, which affects proxy-lock rollback operations.

5. Is there a workaround for CVE-2026-43499?

No specific workaround is recommended for CVE-2026-43499; applying updates is the best course of action.
