CVE-2026-53328
Received Received - Intake

NULL cgrp_moving_from Warning in Linux Kernel sched_ext

Vulnerability report for CVE-2026-53328, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-01

Last updated on: 2026-07-01

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtree_control while a sched_ext scheduler is loaded: WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0 scx_cgroup_move_task+0xa8/0xb0 sched_move_task+0x134/0x290 cpu_cgroup_attach+0x39/0x70 cgroup_migrate_execute+0x37d/0x450 cgroup_update_dfl_csses+0x1e3/0x270 cgroup_subtree_control_write+0x3e7/0x440 scx_cgroup_can_attach() arms cgrp_moving_from only when a task's cpu cgroup changes. It can still be NULL when scx_cgroup_move_task() runs, through this sequence: Step Result --------------------------------- ---------------------------------- 1. cpu enabled on cgroup G cpu css = A 2. cpu toggled off then on for G A killed, B created (same cgroup) 3. an exiting task keeps A alive migration skips it, A now stale 4. +memory migrates G stale A vs current B pulls cpu in 5. cpu attach runs for all tasks hits a live, cpu-unchanged task 6. scx_cgroup_move_task() on it cgrp_moving_from NULL -> WARN The mismatch is that scx_cgroup_can_attach() keys on cgroup identity while migration drives the move on css identity, so a NULL cgrp_moving_from here is a legitimate css-only migration, not a missing prep. The call is already gated on cgrp_moving_from, so just drop the warning. ops.cgroup_prep_move() and ops.cgroup_move() stay paired.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-01
Last Modified
2026-07-01
Generated
2026-07-01
AI Q&A
2026-07-01
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux_kernel linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel's sched_ext scheduler related to control group (cgroup) task migration. Specifically, a warning (WARN) is triggered when systemd's user manager writes certain resource controls (+cpu +memory +pids) to its own subtree_control while the sched_ext scheduler is loaded.

The root cause is that the function scx_cgroup_move_task() expects a non-NULL cgrp_moving_from pointer when moving tasks between cgroups. However, due to a mismatch in how cgroup identity and css (cgroup subsystem state) identity are handled during migration, cgrp_moving_from can be legitimately NULL, causing an unnecessary warning.

The fix involved removing this warning since the NULL cgrp_moving_from in this context is valid and does not indicate a missing preparation step. The migration operations remain correctly paired and functional.

Impact Analysis

This vulnerability primarily causes an unnecessary warning message (WARN) in the kernel logs when systemd's user manager modifies resource controls with the sched_ext scheduler loaded.

There is no indication from the description that this warning leads to a system crash, security breach, or functional failure. It is more of a false positive warning rather than a direct security risk.

Therefore, the impact is limited to potential confusion or noise in system logs, which could complicate troubleshooting or monitoring but does not directly compromise system security or stability.

Detection Guidance

This vulnerability manifests as a warning in the Linux kernel logs when systemd's user manager writes "+cpu +memory +pids" to its own subtree_control while a sched_ext scheduler is loaded.

To detect this issue, you should monitor your system kernel logs for warnings similar to the following message:

  • WARNING: at kernel/sched/ext.c:3227 scx_cgroup_move_task+0xa8/0xb0
  • scx_cgroup_move_task+0xa8/0xb0
  • sched_move_task+0x134/0x290
  • cpu_cgroup_attach+0x39/0x70
  • cgroup_migrate_execute+0x37d/0x450
  • cgroup_update_dfl_csses+0x1e3/0x270
  • cgroup_subtree_control_write+0x3e7/0x440

You can check the kernel logs using commands such as:

  • dmesg | grep scx_cgroup_move_task
  • journalctl -k | grep scx_cgroup_move_task
  • journalctl -k | grep WARNING
Mitigation Strategies

The vulnerability is addressed by dropping the warning that fires on a NULL cgrp_moving_from in scx_cgroup_move_task(), as this condition is legitimate in certain migration scenarios.

Immediate mitigation involves updating your Linux kernel to a version where this fix is applied, which prevents the warning from firing unnecessarily.

Since this issue is a warning rather than a security exploit, no additional immediate action is required beyond applying the kernel update.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53328. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart