7.8
CVE-2026-53011
- EPSS 0.13%
- Veröffentlicht 24.06.2026 16:29:22
- Zuletzt bearbeitet 10.07.2026 19:24:19
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
net/sched: taprio: fix use-after-free in advance_sched() on schedule switch
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advance_sched() on schedule switch In advance_sched(), when should_change_schedules() returns true, switch_schedules() is called to promote the admin schedule to oper. switch_schedules() queues the old oper schedule for RCU freeing via call_rcu(), but 'next' still points into an entry of the old oper schedule. The subsequent 'next->end_time = end_time' and rcu_assign_pointer(q->current_entry, next) are use-after-free. Fix this by selecting 'next' from the new oper schedule immediately after switch_schedules(), and using its pre-calculated end_time. setup_first_end_time() sets the first entry's end_time to base_time + interval when the schedule is installed, so the value is already correct. The deleted 'end_time = sched_base_time(admin)' assignment was also harmful independently: it would overwrite the new first entry's pre-calculated end_time with just base_time.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
≫
Produkt
Linux
Default Statusunaffected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
a8fc396519ef4f081bc545e88f61241728bb78d7
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
3471874578160a28c171a607fa069f24062634b8
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
7256996e1ef553716817f3bfd077c2f3b48b582f
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
eee072fe16c646190d33ae69c9983d8de1562bf8
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
1bd286fa3e21200133478ed523cc6a2788baf38a
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
b73235da5dde77ed1264f9767b62c28c9d71fd78
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
0e62171df8ed4804d00db088f17eed06468233fa
Status
affected
Version
a3d43c0d56f1b94e74963a2fbadfb70126d92213
Version <
105425b1969c5affe532713cfac1c0b320d7ac2b
Status
affected
HerstellerLinux
≫
Produkt
Linux
Default Statusaffected
Version
5.2
Status
affected
Version
0
Version <
5.2
Status
unaffected
Version <=
5.10.*
Version
5.10.258
Status
unaffected
Version <=
5.15.*
Version
5.15.209
Status
unaffected
Version <=
6.1.*
Version
6.1.175
Status
unaffected
Version <=
6.6.*
Version
6.6.141
Status
unaffected
Version <=
6.12.*
Version
6.12.91
Status
unaffected
Version <=
6.18.*
Version
6.18.33
Status
unaffected
Version <=
7.0.*
Version
7.0.10
Status
unaffected
Version <=
*
Version
7.1
Status
unaffected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.026 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
https://git.kernel.org/stable/c/a8fc396519ef4f081bc545e88f61241728bb78d7
https://git.kernel.org/stable/c/3471874578160a28c171a607fa069f24062634b8
https://git.kernel.org/stable/c/7256996e1ef553716817f3bfd077c2f3b48b582f
https://git.kernel.org/stable/c/eee072fe16c646190d33ae69c9983d8de1562bf8
https://git.kernel.org/stable/c/1bd286fa3e21200133478ed523cc6a2788baf38a
https://git.kernel.org/stable/c/b73235da5dde77ed1264f9767b62c28c9d71fd78
https://git.kernel.org/stable/c/0e62171df8ed4804d00db088f17eed06468233fa
https://git.kernel.org/stable/c/105425b1969c5affe532713cfac1c0b320d7ac2b