CVE-2026-31734
Awaiting Analysis Awaiting Analysis - Queue
Race Condition in Linux Kernel sched_ext Component

Publication date: 2026-05-01

Last updated on: 2026-05-01

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU Since commit 8e4f0b1ebcf2 ("bpf: use rcu_read_lock_dont_migrate() for trampoline.c"), the BPF prolog (__bpf_prog_enter) calls migrate_disable() only when CONFIG_PREEMPT_RCU is enabled, via rcu_read_lock_dont_migrate(). Without CONFIG_PREEMPT_RCU, the prolog never touches migration_disabled, so migration_disabled == 1 always means the task is truly migration-disabled regardless of whether it is the current task. The old unconditional p == current check was a false negative in this case, potentially allowing a migration-disabled task to be dispatched to a remote CPU and triggering scx_error in task_can_run_on_remote_rq(). Only apply the p == current disambiguation when CONFIG_PREEMPT_RCU is enabled, where the ambiguity with the BPF prolog still exists.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-01
Generated
2026-05-07
AI Q&A
2026-05-01
EPSS Evaluated
2026-05-05
NVD
CVE-2026-31734
EUVD
EUVD-2026-26547
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

The vulnerability could lead to a migration-disabled task being dispatched to a remote CPU incorrectly, which may cause errors in task scheduling within the Linux kernel. This could potentially affect system stability or performance by triggering unexpected errors in task migration handling.


Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's scheduler extension related to BPF (Berkeley Packet Filter) program migration handling. Specifically, a function called is_bpf_migration_disabled() had a false negative when the kernel was configured without PREEMPT_RCU. This caused the system to incorrectly allow a migration-disabled task to be dispatched to a remote CPU, which could trigger an error (scx_error) in the function task_can_run_on_remote_rq(). The fix ensures that the check for whether a task is migration-disabled is correctly applied only when PREEMPT_RCU is enabled, preventing this incorrect dispatch.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart