CVE-2026-43438
HIGH EPSS 2.6%
Published May 8, 20261mo ago · Modified Jun 17, 20261w ago
7.8 CVSS 3.1
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css structs. According to the cgroup documentation, css_put() should only be used to release a reference obtained via css_get() or css_tryget_online(). Since the iterator does not use either of these to acquire a reference, calling css_put() in the error path of scx_cgroup_init() causes a refcount underflow. Remove the unbalanced css_put() to prevent a potential Use-After-Free (UAF) vulnerability.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
2.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 5
References 4
- git.kernel.org https://git.kernel.org/stable/c/1336b579f6079fb8520be03624fcd9ba443c930b
- git.kernel.org https://git.kernel.org/stable/c/6eaaa67d6998f6c30c462b140db8c062e07ec473
- git.kernel.org https://git.kernel.org/stable/c/bf50f3285eda8a0173625fcdb5f183f96e1008cd
- git.kernel.org https://git.kernel.org/stable/c/cc095cd305fddbe25a968e4a78436ff9476cf0f6
Remediation
- git.kernel.org https://git.kernel.org/stable/c/1336b579f6079fb8520be03624fcd9ba443c930b
- git.kernel.org https://git.kernel.org/stable/c/6eaaa67d6998f6c30c462b140db8c062e07ec473
- git.kernel.org https://git.kernel.org/stable/c/bf50f3285eda8a0173625fcdb5f183f96e1008cd
- git.kernel.org https://git.kernel.org/stable/c/cc095cd305fddbe25a968e4a78436ff9476cf0f6