CVE-2026-43438
Received - Intake
Use-After-Free in Linux Kernel Sched Ext

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

sched_ext: Remove redundant css_put() in scx_cgroup_init()

The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css structs.

According to the cgroup documentation, css_put() should only be used to release a reference obtained via css_get() or css_tryget_online(). Since the iterator does not use either of these to acquire a reference, calling css_put() in the error path of scx_cgroup_init() causes a refcount underflow.

Remove the unbalanced css_put() to prevent a potential Use-After-Free (UAF) vulnerability.

Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | *
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by removing the unbalanced css_put() call in the Linux kernel's sched_ext subsystem. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

  • Identify your current Linux kernel version.
  • Check for available kernel updates from your Linux distribution that address this issue.
  • Apply the kernel update and reboot your system to load the patched kernel.
  • If immediate update is not possible, consider restricting access to the affected kernel subsystems to trusted users only.

Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's scheduler extension (sched_ext) related to cgroup management. Specifically, the function scx_cgroup_init() incorrectly calls css_put() in an error path, even though the iterator css_for_each_descendant_pre() does not increment reference counts on the css structs it yields. Since css_put() should only be called to release references obtained via css_get() or css_tryget_online(), this unbalanced call causes a reference count underflow.

The consequence of this is a potential Use-After-Free (UAF) vulnerability, where memory that has already been freed might be accessed again, leading to undefined behavior or security risks.
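
The imbalance described above, as an added userspace model (not kernel code and not part of the original page): the struct, function names and the failure on the second node are hypothetical stand-ins for the css, css_get()/css_put() and the scx_cgroup_init() error path. It compares the unbalanced put with the fixed path and reports whether the object was released while its owner still held a reference.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct node {              /* stands in for a css; all names here are hypothetical */
    int  refcnt;           /* references currently held */
    bool released;         /* set when refcnt hits zero (the kernel would free here) */
    bool fail_init;        /* constructed: makes per-node init fail */
};
struct result { bool released_early; int final_refcnt; };

static void node_get(struct node *n) { n->refcnt++; }
static void node_put(struct node *n) { if (--n->refcnt == 0) n->released = true; }

/* Like css_for_each_descendant_pre(): yields borrowed pointers, takes no
 * reference. put_on_error=true reproduces the unbalanced error path. */
static int init_all(struct node *nodes, size_t count, bool put_on_error)
{
    for (size_t i = 0; i < count; i++) {
        struct node *n = &nodes[i];        /* borrowed: no node_get() */
        if (n->fail_init) {
            if (put_on_error)
                node_put(n);               /* drops a reference never taken */
            return -1;
        }
    }
    return 0;
}

static struct result run_model(bool put_on_error)
{
    struct node nodes[3] = {{0}};
    struct result r;
    for (size_t i = 0; i < 3; i++)
        node_get(&nodes[i]);               /* owner holds one reference each */
    nodes[1].fail_init = true;             /* constructed failure on node 1 */
    init_all(nodes, 3, put_on_error);
    r.released_early = nodes[1].released;  /* released while owner still holds it */
    node_put(&nodes[1]);                   /* owner drops its own reference */
    r.final_refcnt = nodes[1].refcnt;      /* -1 means underflow */
    return r;
}

int main(void)
{
    struct result bad = run_model(true), good = run_model(false);
    printf("unbalanced put: early=%d final=%d\n", bad.released_early, bad.final_refcnt);
    printf("fixed path:     early=%d final=%d\n", good.released_early, good.final_refcnt);
    return 0;
}
```

In the model the release is only a flag; in the kernel the equivalent point is where the object can be freed while other holders still reference it.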


How can this vulnerability impact me?

This vulnerability can lead to a Use-After-Free condition in the Linux kernel, which may allow an attacker to execute arbitrary code, cause a system crash, or escalate privileges by exploiting the improper memory management.

Such impacts can compromise system stability and security, potentially allowing unauthorized access or denial of service.

