CVE-2026-46165

In the Linux kernel, the following vulnerability has been resolved:

openvswitch: vport: fix self-deadlock on release of tunnel ports

vports are used concurrently and protected by RCU, so netdev put() must happen after the RCU grace period. So, either in an RCU call or after the synchronize net(). The rtnl delete link() must happen under RTNL and so can't be executed in RCU context. Calling synchronize net() while holding RTNL is not a good idea for performance and system stability under load in general, so calling netdev put() in RCU call is the right solution here.

However, when the device is deleted, rtnl unlock() will call netdev run todo() and block until all the references are gone. In the current code this means that we never reach the call rcu() and the vport is never freed and the reference is never released, causing a self-deadlock on device removal.

Fix that by moving the rcu call() before the rtnl unlock(), so the scheduled RCU callback will be executed when synchronize net() is called from the rtnl unlock()->netdev run todo() while the RTNL itself is already released.