PT-2026-39063 · Linux · Linux Kernel
Guillaume · Published 2026-05-08 · Updated 2026-05-15
CVE-2026-43402
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A use-after-free issue exists in the kthread component. When a kthread exits via make_task_dead(), it bypasses kthread_exit(), causing the affinity node cleanup to be missed. Consequently, free_kthread_struct() frees the memory while the node remains linked in the global kthread affinity list. A subsequent list_del() operation by another kthread can then write through dangling pointers into the freed and reused memory, leading to the corruption of the pid's rcu.func pointer.
Recommendations
Consolidate all kthread exit paths by implementing kthread_exit() as a macro that calls do_exit() and introducing kthread_do_exit(), which is called from do_exit() for any task with PF_KTHREAD set to ensure kthread-specific cleanup always occurs.
Fix
Use After Free
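A user-space model of the sequence in the description and of the consolidated exit path in the recommendation, added here as an illustration (it is not kernel code or the upstream patch). The names model_kthread, model_list_del, model_exit and simulate are hypothetical, and a `freed` flag stands in for the real free so the stale store can be counted safely.

```c
#include <stdbool.h>
#include <stdio.h>
/* Same shape as the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

/* Hypothetical stand-in for struct kthread; 'freed' models
 * free_kthread_struct() so stale stores are observable without real UB. */
struct model_kthread { struct list_head node; bool freed; };
/* Valid because 'node' is the first member of every object on the list. */
#define OWNER(n) ((struct model_kthread *)(n))
static int dangling_writes; /* stores that landed in an already freed object */

static void model_list_add(struct list_head *n, struct list_head *head) {
    n->next = head->next; n->prev = head;
    head->next->prev = n; head->next = n;
}

/* list_del() stores into both neighbours; count stores into freed ones. */
static void model_list_del(struct list_head *e) {
    dangling_writes += OWNER(e->next)->freed + OWNER(e->prev)->freed;
    e->next->prev = e->prev;
    e->prev->next = e->next;
    e->next = e->prev = e;
}

/* consolidated=false: exit path that skips the kthread cleanup (the flaw).
 * consolidated=true: cleanup runs on every exit (the recommended design). */
static void model_exit(struct model_kthread *k, bool consolidated) {
    if (consolidated)
        model_list_del(&k->node); /* affinity node cleanup */
    k->freed = true;              /* free_kthread_struct() */
}

/* 'a' exits first, then 'b' exits through the normal, cleaned-up path. */
int simulate(bool consolidated) {
    struct model_kthread head = {0}, a = {0}, b = {0};
    dangling_writes = 0;
    head.node.next = head.node.prev = &head.node;
    model_list_add(&a.node, &head.node);
    model_list_add(&b.node, &head.node); /* head <-> b <-> a <-> head */
    model_exit(&a, consolidated);
    model_exit(&b, true);                /* list_del() on b's node */
    return dangling_writes;
}

int main(void) {
    printf("skipped: %d stale store(s), consolidated: %d\n", simulate(false), simulate(true));
    return 0;
}
```

In the skipped-cleanup run, the single counted store is the neighbour's list_del() writing into the object that was freed while still linked; with cleanup on every exit path, no such store occurs.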
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel