CVE-2026-53326

medium

Description

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardirq context When booting a debug PREEMPT_RT kernel on an ARM64 system, a "inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage" lockdep warning message was reported to the console. During early boot, interrupts are enabled before the scheduler is enabled. In this window (before SYSTEM_SCHEDULING is set) interrupts can fire and in the hard interrupt context handler attempt to fill the pool This can lead to a deadlock when the interrupt occurred when the interrupt hits a region which holds a lock that is required to be taken in the allocation path. Add a new can_fill_pool() helper and reorder the exception rule and forbid this scenario by excluding allocations from hard interrupt context.

References

https://git.kernel.org/stable/c/7bc71bdb1c1526c7f02a6adab324394ff1327b0a

https://git.kernel.org/stable/c/5d95f6b267f3d7fe54f42a3b224bb4a3d3990b41

https://git.kernel.org/stable/c/44b8b03a9fb5c575548fc72c674653d6baba142a

https://git.kernel.org/stable/c/3cc90ea0dd0fb1f8db577dcdc027fc46c06049f6

https://git.kernel.org/stable/c/27335c50014102e9077b784ebd314954286afcab

https://git.kernel.org/stable/c/0d046ae106255cba5eb83b23f78ee93f3620247d

Details

Source: Mitre, NVD

Published: 2026-07-01

Updated: 2026-07-04

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00166