CVE-2026-31734
Analyzed Analyzed - Analysis Complete
Race Condition in Linux Kernel sched_ext Component

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU Since commit 8e4f0b1ebcf2 ("bpf: use rcu_read_lock_dont_migrate() for trampoline.c"), the BPF prolog (__bpf_prog_enter) calls migrate_disable() only when CONFIG_PREEMPT_RCU is enabled, via rcu_read_lock_dont_migrate(). Without CONFIG_PREEMPT_RCU, the prolog never touches migration_disabled, so migration_disabled == 1 always means the task is truly migration-disabled regardless of whether it is the current task. The old unconditional p == current check was a false negative in this case, potentially allowing a migration-disabled task to be dispatched to a remote CPU and triggering scx_error in task_can_run_on_remote_rq(). Only apply the p == current disambiguation when CONFIG_PREEMPT_RCU is enabled, where the ambiguity with the BPF prolog still exists.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-31734
EUVD
EUVD-2026-26547
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.18 (inc) to 6.18.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability could lead to a migration-disabled task being dispatched to a remote CPU incorrectly, which may cause errors in task scheduling within the Linux kernel. This could potentially affect system stability or performance by triggering unexpected errors in task migration handling.

Executive Summary

This vulnerability is in the Linux kernel's scheduler extension related to BPF (Berkeley Packet Filter) program migration handling. Specifically, a function called is_bpf_migration_disabled() had a false negative when the kernel was configured without PREEMPT_RCU. This caused the system to incorrectly allow a migration-disabled task to be dispatched to a remote CPU, which could trigger an error (scx_error) in the function task_can_run_on_remote_rq(). The fix ensures that the check for whether a task is migration-disabled is correctly applied only when PREEMPT_RCU is enabled, preventing this incorrect dispatch.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart