CVE Tools

CVE-2026-43499

rtmutex: Use waiter::task instead of current in remove_waiter()

Published: May 21, 2026Updated: Jul 8, 2026 Sources: CVE List NVDCWE-416

Description

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the latter case waiter::task is not current, but remove_waiter() operates on current for the dequeue operation. That results in several problems: 1) the rbtree dequeue happens without waiter::task::pi_lock being held 2) the waiter task's pi_blocked_on state is not cleared, which leaves a dangling pointer primed for UAF around. 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter task Use waiter::task instead of current in all related operations in remove_waiter() to cure those problems. [ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the changelog ]

In plain language

AI Worth attention

This Linux kernel bug can let a local attacker crash the system (and possibly gain higher privileges) by triggering a mistake in real-time mutex cleanup; small businesses should patch because it’s a high-impact local issue, but there’s no clear evidence of real-world attacks.

Executive summary

CVE-2026-43499 is a Linux kernel real-time mutex (rtmutex) flaw where remove_waiter() uses the wrong task context (“current” instead of the waiter task), which can cause use-after-free conditions and incorrect priority/PI state handling; it requires low-effort local access.

If affected, business impact
System crash (denial of service)Possible privilege escalationService outage during exploitationCompromise of worker processes

What to do now

  1. Check your Linux kernel version (e.g., run uname -r).
  2. Compare it against the fixed kernel versions listed below and confirm whether your version includes the fix.
  3. Update your Linux kernel to include the fix (choose the matching line from the list of fixed versions for your distribution’s kernel branch).
  4. Reboot after applying the kernel update so the new kernel is actually running.
  5. If you cannot patch immediately, reduce local access to the affected machines (tighten who can log in) until the kernel is upgraded.
Patch / advisory Usually a quick update

CVSS Vector Breakdown

AV:LAC:LPR:LUI:NS:UC:HI:HA:H
Exploitability
AV:LAttack Vector
Local
AC:LAttack Complexity
Low
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High

Weaknesses

Affected Products

Linux
oss-projectaka the linux kernel
and 1 more affected products View all →

Exploitability

Official Patch Available

Attack Graph

Products CVE Techniques Tactics

Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/ + scroll to zoom, or go fullscreen.

MITRE ATT&CK

2 techniques
Initial Access
Privilege Escalation
View detailed technique mapping

References

and 4 more references View all →
4

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-43499 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows