SB2026032576 - Improper Check or Handling of Exceptional Conditions in Linux kernel sched

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2026-23371)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper state management in the deadline scheduler (sched/deadline) when handling priority inheritance (PI) de-boosting. A local user can manipulate scheduling parameters via sched_setscheduler() on a SCHED_DEADLINE task that holds a PI mutex, leading to missing ENQUEUE_REPLENISH flag and subsequent bandwidth accounting corruption, which may trigger a kernel warning and result in a denial of service.

Exploitation requires the ability to create and control SCHED_DEADLINE tasks and manipulate their scheduling policy while holding PI mutexes.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/ba1c22924ddcc280672a2a06a9ca99ee3a1b92c3
• https://git.kernel.org/stable/c/d658686a1331db3bb108ca079d76deb3208ed949