CVE-2026-43418

EPSS 0.02%
Veröffentlicht 08.05.2026 14:21:54
Zuletzt bearbeitet 12.05.2026 14:10:27
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

sched/mmcid: Prevent CID stalls due to concurrent forks

In the Linux kernel, the following vulnerability has been resolved:

sched/mmcid: Prevent CID stalls due to concurrent forks

A newly forked task is accounted as MMCID user before the task is visible
in the process' thread list and the global task list. This creates the
following problem:

 CPU1			CPU2
 fork()
   sched_mm_cid_fork(tnew1)
     tnew1->mm.mm_cid_users++;
     tnew1->mm_cid.cid = getcid()
-> preemption
			fork()
			  sched_mm_cid_fork(tnew2)
			    tnew2->mm.mm_cid_users++;
                            // Reaches the per CPU threshold
			    mm_cid_fixup_tasks_to_cpus()
			    for_each_other(current, p)
			         ....

As tnew1 is not visible yet, this fails to fix up the already allocated CID
of tnew1. As a consequence a subsequent schedule in might fail to acquire a
(transitional) CID and the machine stalls.

Move the invocation of sched_mm_cid_fork() after the new task becomes
visible in the thread and the task list to prevent this.

This also makes it symmetrical vs. exit() where the task is removed as CID
user before the task is removed from the thread and task lists.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 5

CNA 2 VulnDex Vulnerability Enrichment 11

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version fbd0e71dc370af73f6b316e4de9eed273dd90340

Version < f0189d49282e0458f3a737bd486c1ec048148f66

Status affected

Version fbd0e71dc370af73f6b316e4de9eed273dd90340

Version < b2e48c429ec54715d16fefa719dd2fbded2e65be

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 6.19

Status affected

Version 0

Version < 6.19

Status unaffected

Version <= 6.19.*

Version 6.19.9

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.07

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/f0189d49282e0458f3a737bd486c1ec048148f66

https://git.kernel.org/stable/c/b2e48c429ec54715d16fefa719dd2fbded2e65be

https://nvd.nist.gov/vuln/detail/CVE-2026-43418

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43418

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43418

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43418