CVE-2026-43499

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the remove waiter() function within the rtmutex component. The function incorrectly uses the current task instead of waiter::task during dequeue operations. This occurs specifically during proxy-lock rollback in rt mutex start proxy lock() when called from futex requeue(), where waiter::task is not the current task. This leads to the rbtree dequeue occurring without the waiter::task::pi lock being held, the pi blocked on state of the waiter task remaining uncleared (creating a dangling pointer that may lead to Use-After-Free), and the rt mutex adjust prio chain() function operating on the incorrect top priority waiter task.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.