CVE-2026-43392
Analyzed Analyzed - Analysis Complete
Linux Kernel Sched Ext Starvation Vulnerability

Publication date: 2026-05-08

Last updated on: 2026-05-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix starvation of scx_enable() under fair-class saturation During scx_enable(), the READY -> ENABLED task switching loop changes the calling thread's sched_class from fair to ext. Since fair has higher priority than ext, saturating fair-class workloads can indefinitely starve the enable thread, hanging the system. This was introduced when the enable path switched from preempt_disable() to scx_bypass() which doesn't protect against fair-class starvation. Note that the original preempt_disable() protection wasn't complete either - in partial switch modes, the calling thread could still be starved after preempt_enable() as it may have been switched to ext class. Fix it by offloading the enable body to a dedicated system-wide RT (SCHED_FIFO) kthread which cannot be starved by either fair or ext class tasks. scx_enable() lazily creates the kthread on first use and passes the ops pointer through a struct scx_enable_cmd containing the kthread_work, then synchronously waits for completion. The workfn runs on a different kthread from sch->helper (which runs disable_work), so it can safely flush disable_work on the error path without deadlock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-26
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43392
EUVD
EUVD-2026-28698
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.12
linux linux_kernel 6.12
linux linux_kernel 6.12
linux linux_kernel 6.12
linux linux_kernel 6.12
linux linux_kernel 6.12
linux linux_kernel 6.12
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.20 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 6.12.1 (inc) to 6.12.78 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's scheduler extension (sched_ext) related to the function scx_enable(). During the task switching loop from READY to ENABLED states, the calling thread's scheduling class changes from fair to ext. Since the fair class has higher priority than the ext class, workloads that saturate the fair class can indefinitely starve the enable thread, causing the system to hang.

The issue was introduced when the enable path switched from using preempt_disable() to scx_bypass(), which does not protect against starvation by fair-class tasks. Even the original preempt_disable() protection was incomplete, as in partial switch modes the calling thread could still be starved after preempt_enable() if switched to the ext class.

The fix involves offloading the enable operation to a dedicated system-wide real-time (SCHED_FIFO) kernel thread that cannot be starved by either fair or ext class tasks. This dedicated kthread is created lazily on first use and handles the enable work asynchronously, preventing starvation and system hangs.

Impact Analysis

This vulnerability can cause the system to hang indefinitely due to starvation of the enable thread in the Linux kernel scheduler. If your system runs workloads that heavily use the fair scheduling class, the enable thread may never get CPU time, leading to a system hang.

Such a hang can result in denial of service, making the system unresponsive and potentially causing disruption to applications and services running on the affected Linux system.

Mitigation Strategies

The vulnerability is fixed by offloading the enable body to a dedicated system-wide real-time (SCHED_FIFO) kernel thread which cannot be starved by either fair or ext class tasks.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix, as it addresses the starvation issue in scx_enable() by creating a dedicated kthread to handle the enable operations safely.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43392. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart