{"id":"CVE-2026-23419","summary":"net/rds: Fix circular locking dependency in rds_tcp_tune","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix circular locking dependency in rds_tcp_tune\n\nsyzbot reported a circular locking dependency in rds_tcp_tune() where\nsk_net_refcnt_upgrade() is called while holding the socket lock:\n\n======================================================\nWARNING: possible circular locking dependency detected\n======================================================\nkworker/u10:8/15040 is trying to acquire lock:\nffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},\nat: __kmalloc_cache_noprof+0x4b/0x6f0\n\nbut task is already holding lock:\nffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},\nat: rds_tcp_tune+0xd7/0x930\n\nThe issue occurs because sk_net_refcnt_upgrade() performs memory\nallocation (via get_net_track() -\u003e ref_tracker_alloc()) while the\nsocket lock is held, creating a circular dependency with fs_reclaim.\n\nFix this by moving sk_net_refcnt_upgrade() outside the socket lock\ncritical section. This is safe because the fields modified by the\nsk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not\naccessed by any concurrent code path at this point.\n\nv2:\n  - Corrected fixes tag\n  - check patch line wrap nits\n  - ai commentary nits","modified":"2026-05-07T04:17:52.606617Z","published":"2026-04-03T13:24:23.958Z","related":["SUSE-SU-2026:21114-1","SUSE-SU-2026:21123-1","SUSE-SU-2026:21237-1","SUSE-SU-2026:21255-1","SUSE-SU-2026:21352-1","SUSE-SU-2026:21361-1","openSUSE-SU-2026:20572-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23419.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/026bbaeeab9e04534ee58882b6447300629b42f6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6a877ececd6daa002a9a0002cd0fbca6592a9244"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6ce948fa54599f369ff7fe8b793a6aae4b0762b2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8519e6883a942e510f33a0e634e27bcc3a844a40"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8babb271403378ba6836f6c8599c5313d0e2355d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23419.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23419"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"3a58f13a881ed351198ffab4cf9953cf19d2ab3a"},{"fixed":"8babb271403378ba6836f6c8599c5313d0e2355d"},{"fixed":"8519e6883a942e510f33a0e634e27bcc3a844a40"},{"fixed":"6ce948fa54599f369ff7fe8b793a6aae4b0762b2"},{"fixed":"026bbaeeab9e04534ee58882b6447300629b42f6"},{"fixed":"6a877ececd6daa002a9a0002cd0fbca6592a9244"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"2a6efabed754c9dcf27e6def71317b374f58a852"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23419.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.18.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.77"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.17"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23419.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}