Deadlock Affecting rv package, versions *
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS10-RV-17605278
- published27 Jun 2026
- disclosed24 Jun 2026
Introduced: 24 Jun 2026
NewCVE-2026-52946 (opens in a new tab)How to fix?
There is no fixed version for Centos:10 rv.
NVD Description
Note: Versions mentioned in the description apply only to the upstream rv package and not the rv package as distributed by Centos.
See How to fix? for Centos:10 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling
A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in send_sigio() and send_sigurg() when a process group receives a signal.
When FASYNC is configured for a process group (PIDTYPE_PGID), both functions use read_lock(&tasklist_lock) to traverse the task list. However, they are frequently called from softirq context:
- send_sigio() via input_inject_event -> kill_fasync
- send_sigurg() via tcp_check_urg -> sk_send_sigurg (NET_RX_SOFTIRQ)
The deadlock is caused by the rwlock writer fairness mechanism:
- CPU 0 (process context) holds read_lock(&tasklist_lock) in do_wait().
- CPU 1 (process context) attempts write_lock(&tasklist_lock) in fork() or exit() and spins, which blocks all new readers.
- CPU 0 is interrupted by a softirq (e.g., TCP URG packet reception).
- The softirq calls send_sigurg() and attempts to acquire read_lock(&tasklist_lock), deadlocking because CPU 1 is waiting.
Since PID hashing and do_each_pid_task() traversals are already RCU-protected, the read_lock on tasklist_lock is no longer strictly required for safe traversal. Fix this by replacing tasklist_lock with rcu_read_lock(), aligning the process group signaling path with the single-PID path. This also mitigates a potential remote denial of service vector via TCP URG packets.
Lockdep splat:
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [...] Chain exists of: &dev->event_lock --> &f_owner->lock --> tasklist_lock
Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(tasklist_lock); local_irq_disable(); lock(&dev->event_lock); lock(&f_owner->lock); <Interrupt> lock(&dev->event_lock);
*** DEADLOCK ***
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2492398
- https://access.redhat.com/security/cve/CVE-2026-52946
- https://git.kernel.org/stable/c/1bee417678f1135e35b25a37734db46aa94258d2
- https://git.kernel.org/stable/c/20a93e397abe850c49b6fa0e8cc827b5f634a8f5
- https://git.kernel.org/stable/c/32dbd5ce4be3a3ed7e00f8af18795cc84fc50a33
- https://git.kernel.org/stable/c/36c1b57b2ecf3c61ac93f5f07bd29b6f21e226ed
- https://git.kernel.org/stable/c/54626335ea4174ab2d9a183b511d825f6765e47b
- https://git.kernel.org/stable/c/897d6a7247739fb1528f98c575df4f2e5de7f994
- https://git.kernel.org/stable/c/b5fa9e32fb6718f70c986ee14dd5d01b4846f331
- https://git.kernel.org/stable/c/bfcc8e8d8a495bb34cae9e620adfb75fb13a3954