5.5
CVE-2026-45919
- EPSS 0.13%
- Veröffentlicht 27.05.2026 12:17:37
- Zuletzt bearbeitet 24.06.2026 17:22:38
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
sched/rt: Skip currently executing CPU in rto_next_cpu()
In the Linux kernel, the following vulnerability has been resolved:
sched/rt: Skip currently executing CPU in rto_next_cpu()
CPU0 becomes overloaded when hosting a CPU-bound RT task, a non-CPU-bound
RT task, and a CFS task stuck in kernel space. When other CPUs switch from
RT to non-RT tasks, RT load balancing (LB) is triggered; with
HAVE_RT_PUSH_IPI enabled, they send IPIs to CPU0 to drive the execution
of rto_push_irq_work_func. During push_rt_task on CPU0,
if next_task->prio < rq->donor->prio, resched_curr() sets NEED_RESCHED
and after the push operation completes, CPU0 calls rto_next_cpu().
Since only CPU0 is overloaded in this scenario, rto_next_cpu() should
ideally return -1 (no further IPI needed).
However, multiple CPUs invoking tell_cpu_to_push() during LB increments
rd->rto_loop_next. Even when rd->rto_cpu is set to -1, the mismatch between
rd->rto_loop and rd->rto_loop_next forces rto_next_cpu() to restart its
search from -1. With CPU0 remaining overloaded (satisfying rt_nr_migratory
&& rt_nr_total > 1), it gets reselected, causing CPU0 to queue irq_work to
itself and send self-IPIs repeatedly. As long as CPU0 stays overloaded and
other CPUs run pull_rt_tasks(), it falls into an infinite self-IPI loop,
which triggers a CPU hardlockup due to continuous self-interrupts.
The trigging scenario is as follows:
cpu0 cpu1 cpu2
pull_rt_task
tell_cpu_to_push
<------------irq_work_queue_on
rto_push_irq_work_func
push_rt_task
resched_curr(rq) pull_rt_task
rto_next_cpu tell_cpu_to_push
<-------------------------- atomic_inc(rto_loop_next)
rd->rto_loop != next
rto_next_cpu
irq_work_queue_on
rto_push_irq_work_func
Fix redundant self-IPI by filtering the initiating CPU in rto_next_cpu().
This solution has been verified to effectively eliminate spurious self-IPIs
and prevent CPU hardlockup scenarios.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.4.103 < 4.5
Linux ≫ Linux Kernel Version >= 4.9.66 < 4.10
Linux ≫ Linux Kernel Version >= 4.14.3 < 5.10.252
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.202
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.165
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.128
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.75
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.14
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.029 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://git.kernel.org/stable/c/d57d0746276a88ea43a2cc62b849fd8a95e32e41
https://git.kernel.org/stable/c/3b3c672a66db3de3b40f8a7057864bc1f874ede3
https://git.kernel.org/stable/c/16ca9f3117e9a294646c897daf08a5ab546c711b
https://git.kernel.org/stable/c/8ad5577b2d4acfd83f03d97a0aece2d18aac5f07
https://git.kernel.org/stable/c/a6a73403733e86748421f2eeaf028c85683ef896
https://git.kernel.org/stable/c/52aeb1e07ec223caf212f036817976c98d2aa250
https://git.kernel.org/stable/c/9f25edc5a20cb52a5abbf25f0724bb4732b81801
https://git.kernel.org/stable/c/94894c9c477e53bcea052e075c53f89df3d2a33e