CVE-2026-43230 Overview
CVE-2026-43230 is a Linux kernel vulnerability in the Reliable Datagram Sockets (RDS) networking subsystem. The flaw resides in the reconnect worker cancellation logic within net/rds. When the reconnect worker is canceled before it has been scheduled, the reconnect-pending bit is not reset and remains set indefinitely. This stuck state can prevent further reconnect operations from progressing correctly on the affected RDS connection. The issue has been resolved through multiple stable kernel commits across supported branches.
Critical Impact
A persistent reconnect-pending bit on an RDS connection can leave the connection in an inconsistent state, disrupting reliable datagram communication between hosts that rely on the RDS protocol.
Affected Products
- Linux kernel (mainline) — net/rds subsystem
- Linux kernel stable branches receiving the backport patches
- Distributions shipping kernels that include the RDS protocol module
Discovery Timeline
- 2026-05-06 - CVE-2026-43230 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-43230
Vulnerability Analysis
The vulnerability exists in the Linux kernel's RDS (Reliable Datagram Sockets) networking code. RDS uses a delayed work item, the reconnect worker, to re-establish broken connections between endpoints. A reconnect-pending bit guards this worker so duplicate reconnect attempts are not queued for the same connection.
When the connection teardown path cancels the reconnect worker, it must also clear the reconnect-pending bit. The original implementation only cleared the bit inside the worker callback itself. If the worker was canceled before the kernel scheduler dispatched it, the callback never executed and the bit remained set.
With the bit stuck on, subsequent attempts to schedule a reconnect short-circuit because the connection appears to already have a pending reconnect. This produces a persistent stall in the RDS connection state machine.
Root Cause
The root cause is a missing state reset on a cancellation path, a form of state-management flaw in concurrent kernel code. The pending-bit lifecycle assumed the worker would always run to completion, but cancel_delayed_work-style cancellations break that assumption. The fix updates the cancellation path to explicitly clear the reconnect-pending flag after canceling the worker.
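The pending-bit lifecycle described above can be reproduced in a small userspace model. This is an added example, not code from the kernel or from the upstream fix; the struct, the function names and the fixed flag are hypothetical and only mirror the behaviour the text describes.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model only: struct and function names are hypothetical. */
struct conn {
    bool reconnect_pending; /* guard bit: a reconnect is already queued */
    bool work_queued;       /* the delayed work item is on the queue */
};

/* Queue a reconnect unless the guard bit says one is already pending. */
static bool queue_reconnect(struct conn *c)
{
    if (c->reconnect_pending)
        return false;       /* short-circuit: appears already pending */
    c->reconnect_pending = true;
    c->work_queued = true;
    return true;
}

/* Dispatch the worker; its callback is where the bit gets cleared. */
static void run_queued_work(struct conn *c)
{
    if (!c->work_queued)
        return;             /* canceled work never reaches the callback */
    c->work_queued = false;
    c->reconnect_pending = false;
}

/* Cancel path: fixed=false models the original code, true the fix. */
static void cancel_reconnect(struct conn *c, bool fixed)
{
    c->work_queued = false;
    if (fixed)
        c->reconnect_pending = false;
}

/* Queue, cancel before dispatch, then report whether a requeue works. */
static bool requeue_after_cancel(bool fixed)
{
    struct conn c = { false, false };
    queue_reconnect(&c);
    cancel_reconnect(&c, fixed);
    run_queued_work(&c);
    return queue_reconnect(&c);
}

int main(void)
{
    printf("requeue allowed after cancel: original=%d fixed=%d\n",
           requeue_after_cancel(false), requeue_after_cancel(true));
}
```

In the original path the second queue attempt is refused because the guard bit is still set; with the bit cleared on cancel, the reconnect can be queued again.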
Attack Vector
The NVD record does not assign a CVSS vector, attack vector, or severity for this entry. The defect is reachable through normal RDS connection lifecycle events on hosts that have the rds module loaded. There is no public exploit, no CISA KEV listing, and no evidence of exploitation in the wild associated with CVE-2026-43230.
The vulnerability is described in the upstream commits referenced by the NVD entry. See the Linux kernel stable commit bcf034fa5f66 and the parallel backports including 14eae5564053, 391200c274e9, 3cf001aff71b, 597c46a42930, 60b347333ec2, b89fc7c2523b, and ba2e3472022f for the full set of resolved branches.
Detection Methods for CVE-2026-43230
Indicators of Compromise
- No public indicators of compromise are associated with CVE-2026-43230. The flaw is a kernel state-management bug rather than a known exploitation primitive.
- Operationally observable symptoms include RDS connections that fail to recover after a transient transport disruption.
Detection Strategies
- Inventory hosts that load the rds and rds_rdma kernel modules using lsmod, and track the uname -r kernel version against the fixed stable release lists.
- Monitor RDS-using workloads such as Oracle RAC interconnects for stalled connection states or repeated socket errors that correlate with reconnect failures.
- Use configuration management tooling to flag systems running unpatched kernel branches referenced in the upstream stable commits.
Monitoring Recommendations
- Collect kernel logs (dmesg, journalctl -k) and alert on RDS-related warnings or repeated reconnect attempts that fail to progress.
- Track kernel package versions across the fleet and reconcile them against vendor security advisories that reference CVE-2026-43230.
- Where RDS is not required, verify that the module is not auto-loaded and treat any load event as anomalous.
How to Mitigate CVE-2026-43230
Immediate Actions Required
- Apply the latest kernel updates from your Linux distribution that incorporate the upstream net/rds: Clear reconnect pending bit fix.
- Reboot systems after the kernel update so the patched rds module is in use; live patching is not guaranteed for this code path.
- If the RDS protocol is not used in your environment, blocklist the rds module to remove the vulnerable code from the attack surface.
Patch Information
The fix has been merged into the Linux stable tree across multiple branches. Reference commits include bcf034fa5f66, ba2e3472022f, b89fc7c2523b, 60b347333ec2, 597c46a42930, 3cf001aff71b, 391200c274e9, and 14eae5564053. Distribution maintainers backport these commits into their supported kernel packages — consult your vendor's security tracker for the exact fixed package version.
Workarounds
- Disable the RDS module when it is not required by adding install rds /bin/true to a file under /etc/modprobe.d/ and removing any rds entry from /etc/modules-load.d/.
- Restart RDS-dependent services and connections after detecting a stuck reconnect state, as a temporary operational measure until the patched kernel is deployed.
- Restrict access to hosts running unpatched kernels that expose RDS to untrusted networks via host firewall rules.
# Configuration example: prevent the rds module from loading until patched
echo 'install rds /bin/true' | sudo tee /etc/modprobe.d/disable-rds.conf
echo 'install rds_rdma /bin/true' | sudo tee -a /etc/modprobe.d/disable-rds.conf
sudo rmmod rds_rdma rds 2>/dev/null || true
# Verify the running kernel after patch deployment
uname -r


