CVE-2026-43438
Published: May 8, 2026
Modified: May 11, 2026
CVSS v3.1: 7.8
Description
In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Remove redundant css_put() in scx_cgroup_init()

The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css structs.

According to the cgroup documentation, css_put() should only be used to release a reference obtained via css_get() or css_tryget_online(). Since the iterator does not use either of these to acquire a reference, calling css_put() in the error path of scx_cgroup_init() causes a refcount underflow.

Remove the unbalanced css_put() to prevent a potential Use-After-Free (UAF) vulnerability.
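A userspace C model of the unbalanced put described above, added here as an illustration; it is not the kernel's code or the upstream patch. `struct node`, `node_get()`, `node_put()`, `model_init()` and `run_model()` are hypothetical stand-ins for the css reference-counting pattern, and the three-node array is constructed sample data.

```c
/* Userspace model (constructed), NOT kernel code. All names are hypothetical. */
#include <stdio.h>
#include <stdbool.h>

struct node {              /* stands in for a css */
    int  refcnt;           /* references currently held */
    bool released;         /* set when the count reaches zero */
};

static void node_get(struct node *n) { n->refcnt++; }

static void node_put(struct node *n)
{
    if (--n->refcnt == 0)
        n->released = true;        /* a real object would be freed here */
}

/* Walks the nodes like a borrowing iterator: pointers are yielded without
 * node_get(). Setup fails at index fail_at; put_on_error selects the
 * unbalanced error path (true) or the corrected one (false). */
static int model_init(struct node *nodes, int count, int fail_at, bool put_on_error)
{
    for (int i = 0; i < count; i++) {
        struct node *n = &nodes[i];    /* borrowed, no reference taken */
        if (i == fail_at) {
            if (put_on_error)
                node_put(n);           /* drops a reference this walker never took */
            return -1;
        }
    }
    return 0;
}

/* Returns 1 if the node was released while its owner still held it;
 * *final_refcnt receives the count after the owner's own legitimate put. */
static int run_model(bool put_on_error, int *final_refcnt)
{
    struct node nodes[3] = { {0, false}, {0, false}, {0, false} };
    for (int i = 0; i < 3; i++)
        node_get(&nodes[i]);           /* the owner's single reference */
    model_init(nodes, 3, 1, put_on_error);
    int early = nodes[1].released;     /* released behind the owner's back? */
    node_put(&nodes[1]);               /* owner drops its reference */
    *final_refcnt = nodes[1].refcnt;
    return early;
}

int main(void)
{
    int f;
    printf("unbalanced put: early release=%d", run_model(true, &f));  printf(" final=%d\n", f);
    printf("put removed:    early release=%d", run_model(false, &f)); printf(" final=%d\n", f);
    return 0;
}
```

With the unbalanced put, the node is released while the owner still holds a pointer to it, and the owner's later put drives the count below zero; with the put removed, the count reaches zero only when the owner lets go.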
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 8195136669661fdfe54e9a8923c33b31c92fc1da - < cc095cd305fddbe25a968e4a78436ff9476cf0f6; affected 8195136669661fdfe54e9a8923c33b31c92fc1da - < 6eaaa67d6998f6c30c462b140db8c062e07ec473; affected 8195136669661fdfe54e9a8923c33b31c92fc1da - < bf50f3285eda8a0173625fcdb5f183f96e1008cd; affected 8195136669661fdfe54e9a8923c33b31c92fc1da - < 1336b579f6079fb8520be03624fcd9ba443c930b |
| Linux | Linux | affected 6.12; unaffected 0 - < 6.12; unaffected 6.12.78 - <= 6.12.*; unaffected 6.18.19 - <= 6.18.*; unaffected 6.19.9 - <= 6.19.*; +1 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
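Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Privileges Required: Low (PR:L)
User Interaction: None (UI:N)
Scope: Unchanged (S:U)
Confidentiality: High (C:H)
Integrity: High (I:H)
Availability: High (A:H)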