CVE-2026-53314

padata: Put CPU offline callback in ONLINE section to allow failure

Assigner: Linux
Reserved: 09.06.2026 Published: 26.06.2026 Updated: 26.06.2026

In the Linux kernel, the following vulnerability has been resolved:

padata: Put CPU offline callback in ONLINE section to allow failure

syzbot reported the following warning:

<pre>

DEAD callback error for CPU1
WARNING: kernel/cpu.c:1463 at _cpu_down+0x759/0x1020 kernel/cpu.c:1463, CPU#0: syz.0.1960/14614

</pre>

at commit 4ae12d8bd9a8 ("Merge tag 'kbuild-fixes-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kbuild/linux") which tglx traced to padata_cpu_dead() given it's the only sub-CPUHP_TEARDOWN_CPU callback that returns an error.

Failure isn't allowed in hotplug states before CPUHP_TEARDOWN_CPU so move the CPU offline callback to the ONLINE section where failure is possible.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 65dae8b34f0810f3fa9f77c4c63650cd20820693 (excl.) affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to a6d44f477000c6352de6b05e9e276e62083e5fbf (excl.) affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 3e6c08dd97dcd22a00aee469e0adfa819071d80e (excl.) affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 5a9f29a3e076b637d2234093e57989cf755ded5b (excl.) affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 9afe53f14a2aae8c4beb30e5ea51641a34f1a3d3 (excl.) affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to c8c4a2972f83c8b68ff03b43cecdb898939ff851 (excl.) Version 2b1207801c393a5e9af2fbac2dd8b0377d8ae63a is affected Version 0685dfa0a2ff7635c0b64f7b7f0fafbf1c3e0c14 is affected Version 3f4d3d010477365ee1aefedc3ad52563740b777e is affected affected from 4.19.202 to 4.20 (excl.) affected from 5.4.22 to 5.5 (excl.) affected from 5.5.6 to 5.6 (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 65dae8b34f0810f3fa9f77c4c63650cd20820693 (excl.)
affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to a6d44f477000c6352de6b05e9e276e62083e5fbf (excl.)
affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 3e6c08dd97dcd22a00aee469e0adfa819071d80e (excl.)
affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 5a9f29a3e076b637d2234093e57989cf755ded5b (excl.)
affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to 9afe53f14a2aae8c4beb30e5ea51641a34f1a3d3 (excl.)
affected from 894c9ef9780c5cf2f143415e867ee39a33ecb75d to c8c4a2972f83c8b68ff03b43cecdb898939ff851 (excl.)
Version 2b1207801c393a5e9af2fbac2dd8b0377d8ae63a is affected
Version 0685dfa0a2ff7635c0b64f7b7f0fafbf1c3e0c14 is affected
Version 3f4d3d010477365ee1aefedc3ad52563740b777e is affected
affected from 4.19.202 to 4.20 (excl.)
affected from 5.4.22 to 5.5 (excl.)
affected from 5.5.6 to 5.6 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 5.6 is affected unaffected from 0 to 5.6 (excl.) unaffected from 6.1.175 to 6.1.* (incl.) unaffected from 6.6.141 to 6.6.* (incl.) unaffected from 6.12.91 to 6.12.* (incl.) unaffected from 6.18.33 to 6.18.* (incl.) unaffected from 7.0.10 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 5.6 is affected
unaffected from 0 to 5.6 (excl.)
unaffected from 6.1.175 to 6.1.* (incl.)
unaffected from 6.6.141 to 6.6.* (incl.)
unaffected from 6.12.91 to 6.12.* (incl.)
unaffected from 6.18.33 to 6.18.* (incl.)
unaffected from 7.0.10 to 7.0.* (incl.)
unaffected from 7.1 to * (incl.)

References

CVE-2026-53314 PUBLISHED

padata: Put CPU offline callback in ONLINE section to allow failure

Product Status

References