CVE-2026-43475

Source
https://cve.org/CVERecord?id=CVE-2026-43475
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43475.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43475
Downstream
Published
2026-05-08T14:22:33.553Z
Modified
2026-06-18T03:55:38.685062124Z
Summary
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT

This resolves the follow splat and lock-up when running with PREEMPT_RT enabled on Hyper-V:

[ 415.140818] BUG: scheduling while atomic: stress-ng-iomix/1048/0x00000002 [ 415.140822] INFO: lockdep is turned off. [ 415.140823] Modules linked in: intelraplmsr intelraplcommon inteluncorefrequencycommon intelpmccore pmttelemetry pmtdiscovery pmtclass intelpmcssramtelemetry intelvsec ghashclmulniintel aesniintel rapl binfmtmisc nlsascii nlscp437 vfat fat sndpcm hypervdrm sndtimer drmclientlib drmshmemhelper snd sg soundcore drmkmshelper pcspkr hvballoon hvutils evdev joydev drm configfs efipstore nfnetlink vsockloopback vmwvsockvirtiotransportcommon hvsock vmwvsockvmcitransport vsock vmwvmci efivarfs autofs4 ext4 crc16 mbcache jbd2 srmod sdmod cdrom hvstorvsc serioraw hidgeneric scsitransportfc hidhyperv scsimod hid hvnetvsc hypervkeyboard scsicommon [ 415.140846] Preemption disabled at: [ 415.140847] [<ffffffffc0656171>] storvscqueuecommand+0x2e1/0xbe0 [hvstorvsc] [ 415.140854] CPU: 8 UID: 0 PID: 1048 Comm: stress-ng-iomix Not tainted 6.19.0-rc7 #30 PREEMPT_{RT,(full)} [ 415.140856] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/04/2024 [ 415.140857] Call Trace: [ 415.140861] <TASK> [ 415.140861] ? storvscqueuecommand+0x2e1/0xbe0 [hvstorvsc] [ 415.140863] dumpstacklvl+0x91/0xb0 [ 415.140870] __schedule_bug+0x9c/0xc0 [ 415.140875] __schedule+0xdf6/0x1300 [ 415.140877] ? rtlockslowlocklocked+0x56c/0x1980 [ 415.140879] ? rcuiswatching+0x12/0x60 [ 415.140883] schedule_rtlock+0x21/0x40 [ 415.140885] rtlockslowlocklocked+0x502/0x1980 [ 415.140891] rtspinlock+0x89/0x1e0 [ 415.140893] hvringbufferwrite+0x87/0x2a0 [ 415.140899] vmbussendpacketmpbdesc+0xb6/0xe0 [ 415.140900] ? rcuiswatching+0x12/0x60 [ 415.140902] storvscqueuecommand+0x669/0xbe0 [hvstorvsc] [ 415.140904] ? HARDIRQverbose+0x10/0x10 [ 415.140908] ? __rqqosissue+0x28/0x40 [ 415.140911] scsi_queuerq+0x760/0xd80 [scsimod] [ 415.140926] __blkmqissuedirectly+0x4a/0xc0 [ 415.140928] blkmqissuedirect+0x87/0x2b0 [ 415.140931] blkmqdispatchqueuerequests+0x120/0x440 [ 415.140933] blkmqflushpluglist+0x7a/0x1a0 [ 415.140935] __blkflushplug+0xf4/0x150 [ 415.140940] __submitbio+0x2b2/0x5c0 [ 415.140944] ? submitbionoacctnocheck+0x272/0x360 [ 415.140946] submit_bionoacctnocheck+0x272/0x360 [ 415.140951] ext4readbhlock+0x3e/0x60 [ext4] [ 415.140995] ext4blockwritebegin+0x396/0x650 [ext4] [ 415.141018] ? __pfxext4dagetblockprep+0x10/0x10 [ext4] [ 415.141038] ext4dawritebegin+0x1c4/0x350 [ext4] [ 415.141060] genericperformwrite+0x14e/0x2c0 [ 415.141065] ext4bufferedwriteiter+0x6b/0x120 [ext4] [ 415.141083] vfswrite+0x2ca/0x570 [ 415.141087] ksyswrite+0x76/0xf0 [ 415.141089] dosyscall64+0x99/0x1490 [ 415.141093] ? rcuiswatching+0x12/0x60 [ 415.141095] ? finishtaskswitch.isra.0+0xdf/0x3d0 [ 415.141097] ? rcuiswatching+0x12/0x60 [ 415.141098] ? lockrelease+0x1f0/0x2a0 [ 415.141100] ? rcuiswatching+0x12/0x60 [ 415.141101] ? finishtaskswitch.isra.0+0xe4/0x3d0 [ 415.141103] ? rcuiswatching+0x12/0x60 [ 415.141104] ? __schedule+0xb34/0x1300 [ 415.141106] ? hrtimertrytocancel+0x1d/0x170 [ 415.141109] ? donanosleep+0x8b/0x160 [ 415.141111] ? hrtimer_nanosleep+0x89/0x100 [ 415.141114] ? _pfxhrtimerwakeup+0x10/0x10 [ 415.141116] ? xfdvalidatestate+0x26/0x90 [ 415.141118] ? rcuiswatching+0x12/0x60 [ 415.141120] ? dosyscall64+0x1e0/0x1490 [ 415.141121] ? dosyscall64+0x1e0/0x1490 [ 415.141123] ? rcuiswatching+0x12/0x60 [ 415.141124] ? dosyscall64+0x1e0/0x1490 [ 415.141125] ? dosyscall64+0x1e0/0x1490 [ 415.141127] ? irqentryexit+0x140/0 ---truncated---

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43475.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d86adf482b843b3a58a9ec3b7c1ccdbf7c705db1
Fixed
cf00cb15f2515e38d3b7571bf6800b7c6ce70a84
Fixed
b82462af23e45e066dd56d2736ea70159a6ad647
Fixed
91ab59f76d0866079420ebff1c7959fcd87a242e
Fixed
e7919a293f9b6101e38bde0d8613daea6c9955df
Fixed
f8db760f4f52a73a022a3d6c84c488ead952a9b5
Fixed
c2e73d8acd056347a70047e6be7cd98e0e811dfa
Fixed
c7984d196476adcbd51c0ce386d7e90277198d57
Fixed
57297736c08233987e5d29ce6584c6ca2a831b12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43475.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.11.0
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.167
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43475.json"