CVE-2026-43216
Published: May 6, 2026· Updated: May 11, 2026
Official Description
In the Linux kernel, the following vulnerability has been resolved:
net: Drop the lock in skb_may_tx_timestamp()
skb_may_tx_timestamp() may acquire sock::sk_callback_lock. The lock must
not be taken in IRQ context, only softirq is okay. A few drivers receive
the timestamp via a dedicated interrupt and complete the TX timestamp
from that handler. This will lead to a deadlock if the lock is already
write-locked on the same CPU.
Taking the lock can be avoided. The socket (pointed by the skb) will
remain valid until the skb is released. The ->sk_socket and ->file
member will be set to NULL once the user closes the socket which may
happen before the timestamp arrives.
If we happen to observe the pointer while the socket is closing but
before the pointer is set to NULL then we may use it because both
pointer (and the file's cred member) are RCU freed.
Drop the lock. Use READ_ONCE() to obtain the individual pointer. Add a
matching WRITE_ONCE() where the pointer are cleared.
Technical Analysis
CVE-2026-43216 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (3)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-43216 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts