7.8 / 10 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:
sched_ext: Remove redundant css_put() in scx_cgroup_init()
The iterator css_for_each_descendant_pre() walks the cgroup hierarchy
under cgroup_lock(). It does not increment the reference counts on
yielded css structs.
According to the cgroup documentation, css_put() should only be used
to release a reference obtained via css_get() or css_tryget_online().
Since the iterator does not use either of these to acquire a reference,
calling css_put() in the error path of scx_cgroup_init() causes a
refcount underflow.
Remove the unbalanced css_put() to prevent a potential Use-After-Free
(UAF) vulnerability.
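The refcount imbalance described above, as an added user-space model (not kernel code and not part of the original record). All names (`obj`, `obj_get`, `obj_put`, `init_all`, `run`) are hypothetical, and the three-object scenario is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; every name here is hypothetical, not kernel code. */
struct obj { int refs; bool released; };

static void obj_get(struct obj *o) { o->refs++; }
static void obj_put(struct obj *o)
{
    if (--o->refs == 0)
        o->released = true;   /* last reference gone: memory may be reused */
}

/* Walk objs[] through borrowed pointers (no obj_get), failing at fail_at.
 * put_on_error selects the unbalanced error path that the fix removes. */
static int init_all(struct obj *objs, size_t n, size_t fail_at, bool put_on_error)
{
    for (size_t i = 0; i < n; i++) {
        struct obj *cur = &objs[i];      /* borrowed: count unchanged */
        if (i == fail_at) {
            if (put_on_error)
                obj_put(cur);            /* drops a reference it never took */
            return -1;
        }
    }
    return 0;
}

/* Constructed scenario: three objects, each holding one owner reference;
 * init fails on the second. Reports whether that object was released while
 * still owned, then returns its count after the owner's own balanced put. */
static int run(bool put_on_error, bool *released_while_owned)
{
    struct obj objs[3] = { {0, false}, {0, false}, {0, false} };
    for (size_t i = 0; i < 3; i++)
        obj_get(&objs[i]);               /* the owner's legitimate reference */
    init_all(objs, 3, 1, put_on_error);
    *released_while_owned = objs[1].released;
    obj_put(&objs[1]);                   /* owner's balanced put */
    return objs[1].refs;
}

int main(void)
{
    bool early;
    int refs = run(true, &early);
    printf("unbalanced: early_release=%d final_refs=%d\n", early, refs);
    refs = run(false, &early);
    printf("balanced:   early_release=%d final_refs=%d\n", early, refs);
    return 0;
}
```

With the extra put, the object is released while its owner still holds a pointer to it, and the owner's later put drives the count below zero; without it, the count reaches zero only at the owner's put.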
Basic Information
ID: CVE-2026-43438
Source: Linux
Published: May 8, 2026 at 14:22
Modified: May 11, 2026 at 06:34
Affected Product
Vendor: Linux
Product: Linux
Version: 8195136669661fdfe54e9a8923c33b31c92fc1da
Affected Versions
Linux Linux 8195136669661fdfe54e9a8923c33b31c92fc1da
Linux Linux 6.12