CVE & CISA-KEV Catalog

CVE-2026-46290

UNSCORED

Description

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 ("x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs"), kernel_fpu_begin() calls fpregs_lock() which uses local_bh_disable() instead of the previous preempt_disable(). This sets SOFTIRQ_OFFSET in preempt_count during the entire EFI runtime service call, causing in_interrupt() to return true in normal task context. The graceful page fault handler efi_crash_gracefully_on_page_fault() uses in_interrupt() to bail out for faults in real interrupt context. With SOFTIRQ_OFFSET now set, the handler always bails out, leaving EFI firmware page faults unhandled. This escalates to die() which also sees in_interrupt() as true and calls panic("Fatal exception in interrupt"), resulting in a hard system freeze. On systems with buggy firmware that triggers page faults during EFI runtime calls (e.g., accessing unmapped memory in GetTime()), this causes an unrecoverable hang instead of the expected graceful EFI_ABORTED recovery. Fix by replacing in_interrupt() with !in_task(). This preserves the original intent of bailing for interrupts or NMI faults, while no longer falsely triggering from the FPU code path's local_bh_disable(). [ardb: Sashiko spotted that using 'in_hardirq() || in_nmi()' leaves a window where a softirq may be taken before fpregs_lock() is called, but after efi_rts_work.efi_rts_id has been assigned, and any page faults occurring in that window will then be misidentified as having been caused by the firmware. Instead, use !in_task(), which incorporates in_serving_softirq(). ]

How to fix

Remediation Available
linuxDebian
Fixed in:7.0.7-1CVE-2026-46290
linux-image-6.17.0-1028-oemUbuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-image-oem-24.04Ubuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-image-oem-24.04aUbuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-image-oem-24.04bUbuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-image-oem-24.04cUbuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-image-oem-24.04dUbuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-image-oem-6.17Ubuntu
Fixed in:6.17.0-1028.28USN-8491-1
linux-oem-6.17Ubuntu
Fixed in:6.17.0-1028.28USN-8491-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3.1 Vector

No CVSS vector data available.

Exploit Intelligence

0.17%probability of exploitation in 30 days
6thpercentile

Low risk: more likely to be exploited than 6% of all known CVEs.

References

Embed a live status badge for CVE-2026-46290
CVE-2026-46290 severity badge

Markdown

[![CVE-2026-46290](https://tridentstack.com/cve/badge/CVE-2026-46290.svg)](https://tridentstack.com/cve/CVE-2026-46290)

HTML

<a href="https://tridentstack.com/cve/CVE-2026-46290"><img src="https://tridentstack.com/cve/badge/CVE-2026-46290.svg" alt="CVE-2026-46290"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-17.