Linux kernel rtmutex remove_waiter() use-after-free in proxy-lock rollback
CVE-2026-43499 is a Linux kernel rtmutex vulnerability in remove_waiter(). The bug arises because remove_waiter() is used both in normal slowlock paths and during proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the proxy-lock rollback case, waiter::task may differ from current, but the vulnerable code performed dequeue and related operations against current instead of waiter::task. According to the provided fix description, this causes the rbtree dequeue to occur without holding waiter::task::pi_lock, fails to clear the waiter task's pi_blocked_on state, and can leave a dangling pointer primed for use-after-free. It also causes rt_mutex_adjust_prio_chain() to operate on the wrong top-priority waiter task. The fix changes remove_waiter() and related operations to consistently use waiter::task instead of current.
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Mitigation
If you can’t patch tonight, do this now.
Remediation
Patch, then assume compromise.
Exploits
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
18 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Referenced as one of many vulnerabilities solved by SUSE security updates; no technical details provided in the content.
A specific vulnerability identified as CVE-2026-43499 is referenced in the context of initial exploit code and a writeup being created, indicating security research or exploit development activity.
A Linux kernel rtmutex flaw in remove_waiter() where current was used instead of waiter::task during dequeue and related operations, causing improper locking, uncleared pi_blocked_on state, dangling pointer/UAF risk, and incorrect priority-chain adjustment.
Linux kernel rtmutex vulnerability involving incorrect task reference handling in waiter removal.
The version that knows your environment.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.